In the current era of digital technology, trust has become a vital resource. We rely on our devices for a multitude of tasks, including communication, identity management, financial transactions, and even preserving our memories. Yet, when faced with online security dilemmas, many ask themselves:
- Should I really store my password within my browser?
- Are password managers genuinely safe to use?
- What exactly is a passkey?
These questions are certainly legitimate. The brief answer is:
Indeed, technology can be trusted—but it’s essential to comprehend the decisions you make.
Password Managers: Your Digital Vault
A password manager operates like a secure vault, storing your login details for various apps and websites. You only need to remember a single primary password, while the manager handles the rest for you.
Consider two primary types of password managers:
- First-party: Offered by the creators of your device or browser, such as Chrome, Safari, Edge, and Firefox.
- Third-party: Supplied by another company, requiring separate installation, but may integrate with your browser.
Why You Can Trust Them
- First-party browser and device password managers leverage deep integration with the platform’s security features.
- Reputable and established third-party password managers have likely persisted due to their strong focus on security.
- Password managers aid in the creation and management of strong, unique passwords, helping you to avoid common pitfalls such as “123456” or “password1.”
- If you forget your primary password, many password managers provide recovery options, allowing you to regain access without losing all your stored passwords.
- Password data is securely stored through the use of device features like security chips, encryption, or a combination of both.
- Numerous first-party and third-party password managers now require biometric authentication, such as fingerprint or facial recognition, before granting access to passwords.
What to Be Cautious About
- When selecting a third-party password manager, choose one from a reputable company with a proven security history.
- Ensure your primary password is strong and refrain from reusing it elsewhere.
- Browser-based password managers may lack advanced features found in standalone managers, such as secure notes or password sharing.
- If someone has access to your unlocked laptop, they could potentially access your passwords—a situation less likely with mobile devices.
Recommended Practices
For ease of use, consider relying on the password manager provided by your browser or device manufacturer. However, if you desire additional features or if you use a complex variety of devices and browsers, selecting a reputable third-party password manager is advisable.
Passkeys: A New Era of Authentication
While most websites still rely on traditional passwords, the technological landscape is shifting. An increasing number of sites now offer passkeys as a password alternative. A passkey utilizes passwordless login technology founded on public-key cryptography. Supported by tech leaders like Apple, Google, and Microsoft, this new standard represents a significant advancement in online security. To discover more about the advantages of using passkeys, refer to NCSC’s article on Passkeys.
How Passkeys Function
- Instead of using a password, your device generates a pair of intricate secrets for each website you register with.
- During registration, your device retains one secret while providing the other to the website.
- When logging in, your device verifies your identity (via your chosen unlocking method) and can demonstrate to the website that it possesses the device’s secret without divulging it.
- This process occurs rapidly, often being eight times faster than the traditional method involving a username, password, and two-factor authentication, while also being more secure.
Why Passkeys Are Secure
- They prevent phishing attacks. Each website has a unique passkey, making it impossible for your device to be tricked into accessing a counterfeit website.
- In the case of a website hack, only the website’s secret is compromised, which can’t be used on any other site—unlike passwords, which may be reused across sites.
- They’re compatible with biometrics. Your device authenticates you through your preferred method of unlocking, such as Face ID, fingerprint, or PIN.
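The registration and sign-in exchange described under "How Passkeys Function", together with the phishing and breach properties listed above, shown as an added example that is not part of the original article. It is a simplified Node.js model: the `Device` and `Website` classes, the `alice` account and the `.example`/`.test` origins are assumptions, and real passkeys (WebAuthn) add encoding, attestation and counters that are omitted here.

```javascript
// Simplified passkey model. Assumptions: Device, Website, 'alice' and the origins are
// illustrative; real WebAuthn adds encoding, attestation and counters omitted here.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// The user's device: keeps one private key per website and never exports it.
class Device {
  constructor() { this.keys = new Map(); } // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey); // the secret the device retains
    return publicKey; // the half handed to the website
  }
  // Runs after the user unlocks the device (biometric/PIN step not modelled).
  signIn(origin, challenge) {
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null; // no passkey exists for this origin
    // The origin the device actually sees is bound into the signed data.
    return sign('sha256', Buffer.concat([Buffer.from(origin), challenge]), privateKey);
  }
}

// The website: stores only public keys and issues a fresh challenge per login.
class Website {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); }
  enrol(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge() { return randomBytes(32); }
  verifyLogin(user, challenge, signature) {
    const publicKey = this.publicKeys.get(user);
    if (!publicKey || !signature) return false;
    const signed = Buffer.concat([Buffer.from(this.origin), challenge]);
    return verify('sha256', signed, publicKey, signature);
  }
}

// Constructed scenario: one user, one real shop, one look-alike origin.
function demo() {
  const device = new Device();
  const shop = new Website('https://shop.example');
  shop.enrol('alice', device.register(shop.origin));
  const challenge = shop.newChallenge();
  const genuine = shop.verifyLogin('alice', challenge, device.signIn(shop.origin, challenge));
  // A look-alike page relays the real challenge, but the device holds no key for it.
  const phished = device.signIn('https://shop.example.login.test', challenge);
  // A breach leaks only public keys; a signature made with any other key is rejected.
  const other = new Device(); other.register(shop.origin);
  const forged = shop.verifyLogin('alice', challenge, other.signIn(shop.origin, challenge));
  return { genuine, phished, forged };
}
console.log(demo());
```

Because the website issues a fresh random challenge for every login, a signature captured from one sign-in does not verify against the next one.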
Reasons to Make the Switch
Passkeys are rapidly becoming mainstream. Major companies like Google, eBay, and PayPal have already adopted them. They offer ease of use, are difficult to compromise, and help reduce password fatigue.
So, Can You Trust the Technology?
Absolutely. The current password managers and passkey technologies are designed with strong security principles. When utilized correctly, they provide far superior protection compared to human mental recall, sticky notes, or recycled passwords.
Final Recommendations:
- Evaluate the reputation of the tools before placing your trust in them.
- Ensure your devices remain secure by keeping them updated and using biometric locks.
- Back up your recovery options, such as recovery keys or trusted contacts.
- Embrace new security practices like passkeys—they simplify the process and represent the future of online security.
For additional guidance on managing your passwords, refer to NCSC’s password management tips, as well as their Top Tips for Online Security.
Amy B
Head of Citizen Resilience, NCSC
Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/trust-the-tech-using-password-managers-passkeys-to-help-you-stay-secure-online