Passkeys and Data Privacy: A Secure Path to a Passwordless Future
What is it all about?
Explore the latest advancements in password security with the introduction of passkeys in Windows 11 and discover expert tips for creating strong passwords while protecting your data.
In this ever-connected digital age, staying up-to-date with the latest security enhancements is crucial as we navigate the complexities of our increasingly interconnected world. Recently, Microsoft rolled out a significant passkey enhancement in Windows 11, simplifying the adoption of passwordless authentication methods. In addition to passwordless adoption, Apple also has created* passkeys as a blend of “exceptional security” and unparalleled user-friendliness.
The influence of passkeys extends to a diverse array of platforms, including desktop operating systems like Chrome OS and Linux, as well as mobile systems such as iOS 16, iPadOS 16, and Android devices running Android 9 or later. Moreover, passkey support has been seamlessly integrated into some of the most widely used web browsers, such as Safari, Google Chrome, Microsoft Edge, and Mozilla Firefox.
These advancements not only aim to enhance security against malicious code and potential cyber threats but also represent a pivotal shift in how users safeguard their digital identities. By implementing passkeys, systems and devices provide users with better protection in the evolving threat landscape.
Table of Contents:
What are Passkeys?
Instead of relying on traditional passwords, users can now utilize “passkeys” for authentication. Passkeys are cryptographic credentials stored securely on the user's device, making them incredibly difficult for hackers to guess. This change is intended to bolster security by preventing hackers from exploiting stolen passwords, mainly through phishing attacks.
These technologies enable users to authenticate themselves using convenient methods such as facial recognition, fingerprint scanning, or a device-specific PIN, enhancing security and simplifying the login process for users when accessing websites or applications, as they can rely on more secure and user-friendly authentication methods instead of traditional usernames and passwords.
Related topic: Understanding and Implementing Data Protection Basics – Get Informed with heyData
Traditional Passwords Aren’t Going Away Soon
While the transition to passkeys is a significant step forward in bolstering online security, it's essential to acknowledge that traditional passwords are far from disappearing despite the increasing security concerns associated with them. According to Verizon, 82% of security breaches were due to stolen credentials in 2021.
A common challenge of using passwords is the burden of managing numerous passwords. Many employees have valuable information stored within their online accounts that requires utmost protection. Yet, given the multitude of passwords, many of them tend to choose simple and easily memorable login credentials or resort to reusing the same passwords across multiple accounts. NordPass, a password manager vendor, discovered that the most frequently used password was "password," and it took less than one second to break it.
Importance of password security and data privacy
The prevalence of security breaches due to stolen credentials highlights the ongoing need for strong and resilient passwords. Therefore, creating a strong password remains a critical aspect of safeguarding personal and business data, as well as becoming highly resistant to guessing or cracking attempts, particularly those carried out through brute force attacks. Hackers employ computer programs to systematically test combinations of letters, numbers, and symbols to discover the correct password.
In 2023, several notable companies experienced data breaches due to stolen passwords:
- T-Mobile disclosed that they fell victim to a second data breach in February 2023, where hackers gained access to the personal information of hundreds of customers.
- Mailchimp also encountered a security breach after attackers gained access to employee credentials after conducting a social engineering attack on Mailchimp employees and contractors, allowing the threat actors to access the data of 133 customers.
- Google Fi confirmed that their customers' personal data was compromised in a recent cyberattack, which is believed to be in connection with a T-Mobile data breach in February 2023.
It is important to note that any company that stores user data is at risk of a data breach, regardless of size or industry. Strong passwords should incorporate a mix of uppercase and lowercase letters, numbers, and special symbols like punctuation marks to combat this. While a minimum length of 12 characters is recommended, it's advisable to create passwords that are longer for enhanced security.
There are various options available for users to generate distinctive and robust passwords for all their online accounts, such as:
Password Managers
Consider using password generator tools such as 1Password, Bitwarden, NordPass and the robust open-source alternative Keepass. These tools offer a quick and secure way to generate, store, and manage strong passwords by creating random character sequences that are exceptionally difficult to crack. In business settings, it's highly recommended to provide these password managers for all employees, ensuring a standardized and secure approach to password management.
Moreover, built-in password managers in web browsers and operating systems can be a convenient option. However, it's crucial to note that if these built-in managers are compromised, they could potentially grant access not only to your passwords but also expose your entire browsing history or even compromise the entire operating system. Consequently, while convenient, they may not offer the same level of security and control as dedicated password manager tools. Therefore, a thoughtful consideration of your security needs is essential when choosing the right password management solution.
Selecting a password generator or management tool isn't just about convenience; it's also about ensuring that the tool aligns with the General Data Protection Regulation (GDPR). To verify if your chosen solution meets GDPR standards, consult your Data Protection Officer for tailored advice.
Strong Passphrase
Instead of using a single word, use a passphrase. Passphrases are longer and more secure. Take a memorable phrase's first letters, numbers, and punctuation to create a seemingly random combination of characters – also, substitute letters with numbers or symbols for added complexity.
Use Emoticons
Consider using emoticons, especially coded versions typically made up of punctuation, letters, or numbers, to include symbols without making the password harder to remember.
Enable Two-Factor Authentication (2FA)
Always enable 2FA whenever possible, as it adds an extra layer of security by requiring a second piece of information (usually a one-time code) after entering the password. Use a dedicated 2FA app for added security.
Keep Passwords Private
Never share passwords, even with trusted people. Avoid sending passwords via text message, email, or phone calls, as these methods can be intercepted.
Employee Compliance Training
Employee compliance training for passwords is essential to protecting businesses from cyberattacks. For organizations, employee compliance training is necessary to protect against cyberattacks. Employees should be trained and regularly reminded of password security best practices. Training should be easily accessible and comprehensive.
By providing effective Employee GDPR compliance training, you can help to protect your organization from cyberattacks and keep your data safe.
Martin Bastius, Co Founder and CLO heyData
Final Notes
As technology advances and cyber threats evolve, data privacy and password security remain crucial. Embracing innovations like passkeys while adhering to best practices for strong password creation and management will ultimately help individuals and businesses stay one step ahead in the ongoing battle against cyber threats.
Subscribe to our email newsletter to get the latest data protection and compliance updates, plus our newest blogs, delivered directly to your inbox!
Compliance Newsletter
Subscribe to our newsletter now and stay updated with the latest insights on data protection, GDPR, cybersecurity, and other important compliance frameworks like revDSG, NIS 2, and ISO 27001. Get expert tips, exclusive resources, and access to regular webinars. Don’t miss out on crucial news and developments!
More articles
The Apple and OpenAI Partnership
Apple's partnership with OpenAI to integrate ChatGPT into Siri marks a significant advancement in AI, promising smarter user interactions. However, it also brings data privacy and compliance challenges. As a data protection company, we explore the implications for businesses and consumers, emphasizing the need for robust compliance frameworks and external validation to ensure trust and transparency.
Learn more
NIS2 Insights: Expert Tips On Compliance And Business Impact
The NIS2 Directive updates EU cybersecurity requirements and extends the regulations to more sectors, including healthcare and public administration. It tightens reporting requirements, increases penalties and demands more responsibility at the management level. Even companies that are not directly affected benefit from increased security measures to strengthen trust with partners and prepare for future regulations. First steps include risk assessments, training and reporting processes to integrate cybersecurity holistically.
Learn more
The international security standard - ISO 27001
ISMS and ISO 27001 in companies - what to consider. Read more in the article
Learn more