Beyond Passwords Securing the Future with Passkeys
You do have a good passwords?
Office 365 Password Guidelines
- Min 8 characters
- Three of the following are required
- Lowercase char
- Uppercase chat
- Number (0-9)
- Symbol
Passwords
Good Or Bad?
Peter123Passwords
Good Or Bad?
Peter123
P@t@r12!Passwords
Good Or Bad?
Peter123
P@t@r12!
Euricom2024Passwords
Good Or Bad?
Peter123
P@t@r12!
Euricom2024
bEw!UpFdn2kZV?a62@skf45APasswords
Good Or Bad?
Peter123
P@t@r12!
Euricom2024
bEw!UpFdn2kZV?a62@skf45A
euricom is the best😀
Passwords
Good Or Bad?
Peter123
P@t@r12!
Euricom2024
bEw!UpFdn2kZV?a62@skf45A
euricom is the best
junky dog star cruiser🤩
😀
Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.
〞
– Randall Munroe
Passwords
Problems with passwords
| A password should be | A typical user password is |
|---|---|
| Complex | Simple |
| Unique | Re-used |
| Frequently updated | Does not change |
| A password should be | A typical user password is |
|---|---|
| Complex | |
| Unique | |
| Frequently updated |
Password are always a problem
Yes, but I use a
-
Password Manager
- Single point of failure
- Target for hackers
- Vulnerable to phishing attacks
-
Two Factor Authentication
- Complexity
- Second device
- Also vulnerable to phishing attacks
Password are still a problem
What if we can remove the passwords?
Passkeys
What is a Passkey
- Passkeys are a more secure alternative to passwords
- More secure, because:
- Passkeys are resistant to phishing
- Have no secrets that can be leaked from servers
- Are generated automatically, never reused
- Also easier to use:
- Sign in with your face, your finger, or your PIN
Passkeys
How it works - Create Passkey on Laptop
Passkeys
How it works - Create Passkey on Phone
Passkeys
How it works - Login
Where can we use passkeys
- Apple
- PayPal
- Outlook.com
- Microsoft Office 365
- Microsoft Entra ID
- Amazon
- BMW
- Dropbox
- eBay
- Github
- Gitlab
- Vercel
Passwords
Are you secure?
https://www.jnttek.com/it-policy-how-often-should-you-change-your-passwords/
Hard to remenber, easy to guess
Passwords
Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA)
Its more secure but...
- Challenging to set up and maintain
- Not very user-friendly
- Password still required
- Limited to a single 2FA method & device
- Requires an additional device
- Still susceptible to phishing attacks
Presentiong
Passkeys
Ready for the future
Passkeys
How it works
Passkeys
How it works
The private key is used to sign a challenge from the server, proving possession of the private key and thus authenticating the user
Passkeys
How it works
The private key is used to sign a challenge from the server, proving possession of the private key and thus authenticating the user
Passkeys for Office 365
A guide
Passwords vs Passkeys
- Secret is shared
- Hard to use correctly
- Vulnerable to phising & brute force
Passwords
- Secret stay on device
- Easier to use
- Resistance to phising & brute force
Passkeys
😀
Where are the private keys stored
-
Device Storage: Private key is generated and stored locally during passkey creation.
-
Hardware Security: Private key is protected by hardware security, often with biometric authentication.
-
Sync Across Devices: Key can sync securely across devices via OS features like iCloud Keychain or Microsoft Authenticator.
What if I lose my device
- Passkeys can be synced by the OS
- You can have multiple passkeys for a single account
- Passkeys can be stored in password manager
What if Passkeys are not supported yet
Fallback to passwords 😉
But...
- Use a password manager
- Use strong passwords (long & multiple words)
- Don't re-use passwords
- Use 2FA when possible
No, LastPass is not considered 100% safe due to the security incidents and data breaches that affected the password manager and its users in the past. Hackers successfully threatened the provider on three different occasions – in 2015, 2021, and 2022 – which is why it’s impossible to endorse LastPass as a safe password manager for users.
LastPass, is it safe?
Use Passkeys
Use Strong Passwords
Use Password Managers
Draft of Beyond Passwords: Securing the Future with Passkeys
By Peter Cosemans
Draft of Beyond Passwords: Securing the Future with Passkeys
In this presentation, we’ll explore why passwords are a weak security solution and how passkeys offer a safer alternative through cryptographic protection and ease of use. We’ll demonstrate how to set up and use passkeys, and discuss alternatives when passkeys are not available yet.
