More and more major tech companies are introducing passkeys as a new way for people to log in. Instead of entering a password, people must perform an action with a device such as their smartphone: confirming a login prompt, drawing a swipe pattern or scanning a fingerprint. Passkey technology helps people protect themselves better against phishing emails. But passkeys are not completely resistant to phishing, as Apple claims. That requires a combination of security measures.
Cybercriminals can carry out phishing in many ways. For example, they get their victims to click on links that redirect to what claims to be the sender's website. When people enter their email address and password there, cybercriminals can steal them and use them to their advantage. Because people with passkeys no longer use passwords, but instead perform an action with their own device, they can prevent cybercriminals from succeeding and misusing their data to log in to their online accounts.
But that is not true of all phishing emails. Take Business Email Compromise (BEC) attacks, for example. This is a form of social engineering in which a cybercriminal poses as a company's CEO or HR manager in an email. In that email, the cybercriminal asks an employee of that company to share certain data or deposit an amount of money into an account number "as soon as possible". Cybercriminals spend a lot of time and attention on these emails, making things like the email address, sender, subject and tone of voice as realistic as possible. Against this type of social engineering attack, passkeys are not going to work.
If people don't realize when they are being manipulated and hand over data to a cybercriminal themselves, technology is never going to make a difference. Passkeys won't either. So they are not a cure-all, and certainly not a guarantee against phishing. People must not only rely on technology, but also be knowledgeable about and aware of cybercriminals' tactics in order to behave safely. This is the only way to reduce the chances that cybercriminals can make their move.