World Password Day: Passkeys, Multi-Factor Authentication, everything is better

Every first Thursday in May is World Password Day. Time to take care of better security.


World Password Day is a reminder that access credentials should be secure. What was originally just about complexity and reuse now means significantly better security mechanisms.

The perennial statistics still list "123456" and similar passwords as frequently used in all sorts of password data leaks. Of course, passwords should be more complex: longer character strings with upper and lower case letters, special characters, and numbers, with a unique variant for each account. Password managers, which are also available free of charge, can help with this by taking care of the memorization and releasing access data after the master password is entered or after biometric authentication.

However, as IT systems are repeatedly breached and access data is leaked, the security concept should not be limited to the simple combination of username and password. Otherwise, attackers can directly access users' accounts.

Where possible, users should therefore activate multi-factor authentication. During login, the account owner must then additionally prove possession of a further factor. This could be, for example, a numeric code from an authenticator app running on a smartphone. Two-factor authentication via email or SMS is a weaker alternative. Attackers should not have access to this additional factor, so their login attempts are denied.

However, criminals have long been prepared for this. In phishing campaigns, they aim to interact with potential victims in real time and thereby circumvent the authentication with an additional factor.

Switching to passkeys is therefore ideal. More and more companies are offering them for more secure access to online accounts. Passwords are no longer used; instead, protection is based on cryptographic certificates. Both sides prove to each other that they are genuine. Because attackers lack the private key, they cannot impersonate the person they are attacking. Numerous password managers can now handle passkeys and even make them usable across devices.
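
The following added example (not part of the original article) models a passkey login in Node.js to show why a relayed or forged response is rejected by the real site. It is a simplification: real passkeys use the WebAuthn message formats, and the function names, the JSON structure and the `.example` origins here are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Registration: the authenticator creates a key pair; the site stores only the public key.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
}

// Authenticator side: sign the server's challenge together with the origin
// the browser is really connected to (the user cannot type or change it).
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side: accept only a fresh challenge, the site's own origin,
// and a signature that verifies under the registered public key.
function verifyAssertion(publicKey, expectedChallenge, expectedOrigin, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== expectedChallenge) return 'challenge mismatch';
  if (data.origin !== expectedOrigin) return 'origin mismatch';
  const ok = crypto.verify('sha256', Buffer.from(assertion.clientData),
                           publicKey, assertion.signature);
  return ok ? 'ok' : 'bad signature';
}

function demo() {
  const site = 'https://shop.example';        // constructed legitimate origin
  const phish = 'https://shop-login.example'; // constructed look-alike origin
  const user = createPasskey();
  const challenge = crypto.randomBytes(32).toString('hex');
  const check = (a) => verifyAssertion(user.publicKey, challenge, site, a);

  // Normal login on the real site.
  const legit = signAssertion(user.privateKey, challenge, site);
  // Real-time phishing: the victim's device signs for the page it is actually on.
  const relayed = signAssertion(user.privateKey, challenge, phish);
  // Relay with the origin rewritten afterwards: the signature no longer matches.
  const tampered = { ...relayed, clientData: JSON.stringify({ challenge, origin: site }) };
  // Response signed with a key that is not the registered one.
  const forged = signAssertion(createPasskey().privateKey, challenge, site);

  return { legitimate: check(legit), relayed: check(relayed),
           tampered: check(tampered), forged: check(forged) };
}

console.log(demo());
```

Unlike a one-time code, which is valid wherever it is typed in, the signed response is tied to the page the victim's browser was actually connected to, so forwarding it in real time does not produce a valid login.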

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.