Passkey is added to the MFA methods supported by Yookey
Passkey is the alternative to passwords and marks a definitive transition to a new chapter in cybersecurity, this time, Passwordless.
Despite authentication systems having relied on passwords until now, it has become clear over time that while they serve as a security key, they also represent the weak link in account security due to their susceptibility to Phishing attacks.
Passkey is a secure authentication method based on a recognition system (fingerprint, face, PIN, sequence), generated and stored locally on users’ devices.
During the registration process, two keys are created: a public key and a private key, which is encrypted and securely stored on the user’s device. Both keys are required for accessing the account. This mechanism is known as Asymmetric or Public Key Authentication.
Passkey adopts the WebAuthn Standard, or rather, adheres to and implements the technical specifications provided by FIDO2, which include WebAuthn and CTAP (Client to Authenticator Protocol).
WebAuthn Standard
WebAuthn or Web Authentication is the open standard (FIDO2 framework) established by the FIDO Alliance and the World Wide Web Consortium (W3C) with participation from Google, Mozilla, Microsoft, and other major players, upon which Passkey is based.
The WebAuthn API allows servers to register and authenticate users using public key cryptography instead of a password, ensuring that authentication works regardless of the device’s operating system, whether it be Android, iOS, Mac, or Windows.
In most cases, the WebAuthn client that implements the authentication API is a compatible browser (currently supported by all major browsers and Android and Apple devices).
Why is Passkey an effective measure against Phishing?
Passkey is effective against phishing attacks because the unique password is stored locally on the user’s device and is never transmitted over the network.
This means that even if a user is tricked into providing their passkey to a phishing site, cybercriminals will not be able to use it to access their accounts, as the passkey is not valid on other devices. This makes it much more difficult for hackers to compromise user access, thus protecting their personal and financial information.
Passkey and FIDO
The birth of Passkey is closely tied to FIDO (Fast Identity Online), an organization that promotes open standards for strong authentication. The FIDO Alliance comprises key players in the web industry such as Google, Microsoft, and Apple.
FIDO’s main objective is to enhance online security by using more advanced authentication methods, such as biometrics and asymmetric cryptography, aiming to reduce reliance on traditional (static) passwords, which are too vulnerable to theft regardless of their complexity.
The other MFA methods supported by Yookey | Keycloak SaaS
In addition to Passkey, the other MFA methods supported by our Yookey- Keycloak as A Service are:
- Sms and email
- Virtual Authenticator (Microsoft and Google authenticator)
- Physical tokens.
E-time with Rete Dafne against every form of violence
It’s time to reveal our second “Useful Gift” for Christmas 2023.
The events of the last months of 2023 have received significant media attention, bringing the issue of gender-based violence back into the spotlight, which remains a real scourge in Italy and beyond.
Therefore, we have chosen to make our small contribution to Rete Dafne, which daily provides support and assistance to victims of gender-based violence, and not only because the work of Rete Dafne concerns all victims of any type of crime.
For further information about the valuable work carried out by this association, we refer you to their website: retedafne.it
E-time is participating in the Plastic Pull project.
This Christmas, we have focused on two themes that are very important to us, and one of them is the Environment.
E-Time has contributed to collecting 37 kg of waste abandoned on beaches, in parks, and on streets, requalifying degraded ecosystems in Italy located in areas where local administrations do not intervene. All of this has been made possible thanks to the Plastic Pull project by Piantando.
The project
Plastic Pull is one of Piantando’s social and environmental impact projects, with the goal of recovering tons of scattered waste throughout Italy, leveraging its network of associations and initiatives.
After identifying the areas of degradation to intervene, Piantando coordinates the intervention with field contacts. Each collected bag is certified, including photographs, location and date of collection, weight, disposal method, and the operational team.
Who is Piantando
Piantando is a Benefit company that initiates social and environmental impact projects worldwide by collaborating with companies of all sectors and sizes. The central focus of Piantando’s work is transparency and sustainability, which characterize each project and ensure its proper development.
Below is the link where you can find more information about the project supported by E-time and our contribution: E-time X Plastic Pull