More security: Federal Employment Agency relies on passkeys
The Federal Employment Agency is now offering support for passkeys for secure login to user accounts.
(Image: Erstellt mit KI in Bing Designer durch heise online / dmk)
The list of services and offers that can be used with passkeys now includes the online account at the Federal Employment Agency. Instead of simply using the username and password – and, if necessary, a second factor – a login option that is actually largely secure against phishers is now available.
The Federal Employment Agency's own Passkey website explains how to set it up and answers some frequently asked questions. Technically, with Passkeys, a pair of certificates links the computer used with a service or offer: a private certificate is secured locally, and a public certificate is stored on the server of the online service. Passwords are no longer transmitted. Usernames and passwords are often the target of phishing attacks. Such access data is also often found in data collections on the Internet. Attackers can then use them to act on behalf of the victim and cause damage. Private keys of passkeys remain local and are not sent to servers so that attackers cannot steal them.
No more passwords
People who use Passkeys no longer have to enter usernames and passwords, but usually simply place a finger on the fingerprint scanner of a smartphone or PC or have their face scanned to allow the private key to be used. This allows access to the account to be approved quickly and easily. The more secure solution is even more convenient.
Videos by heise
Passkeys can be created and, if necessary, deleted in the user account under “Employment Agency account” – “Manage passkeys”. Interested parties can create up to ten passkeys.
The Federal Employment Agency is thus following the recommendation of the Federal Office for Information Security (BSI). The country's highest IT security authority has officially recommended the use of passkeys since last October.
(dmk)
