In today’s rapidly evolving digital landscape, trust has become essential. We rely on our devices for various aspects of life, including communication, identity management, financial transactions, and even storing our memories. However, when it comes to safeguarding ourselves online, many individuals find themselves unsure and questioning:
- Should I save my password in my browser?
- Are password managers genuinely secure?
- What are passkeys?
These inquiries are entirely valid. The straightforward answer is: yes, you can have confidence in technology—but it’s crucial to be informed about the decisions you make.
Password Managers: Your Digital Vault
A password manager functions as a secure vault for your login information across various websites and applications. Users only need to remember a single primary password, while the manager handles all others.
There are two primary categories of password managers you should consider:
- First-party: Offered by the device or browser manufacturer, including options like Chrome, Safari, Edge, and Firefox.
- Third-party: Supplied by independent companies that you must install separately, but often integrate seamlessly with your browser.
Reasons to Trust Password Managers
- First-party password managers benefit from close integration with the overall security features of the platform.
- Established third-party password managers tend to have robust security practices, having thrived due to their commitment to safety.
- These tools aid in generating and managing strong, unique passwords, helping you steer clear of common choices like “123456” or “password1.”
- In the event you’ve forgotten your primary password, many managers offer password recovery options to prevent loss of access to your passwords.
- Password data is securely stored, utilizing device security features, encryption, or a combination thereof.
- A growing number of password managers now incorporate biometric verification, such as fingerprints or facial recognition, before revealing passwords.
Important Considerations
- When opting for a third-party password manager, ensure the company has a solid reputation and a proven track record in security.
- Utilize a robust primary password and refrain from using it across different platforms.
- Browser-integrated password managers may lack advanced capabilities found in dedicated options, such as secure notes or password sharing features.
- If someone gains access to your unlocked laptop, they could access your stored passwords—a risk that’s less common on mobile devices.
Best Practices
If convenience is your top priority, the password manager that comes with your browser or device manufacturer is recommended for generating and managing your passwords. For those seeking added features, using a reliable third-party password manager is advised.
Passkeys: The Future of Authentication
Although most websites still require a password, the technology sphere is evolving, with an increasing number of platforms offering passkeys as an alternative. A passkey is a form of passwordless login that operates on public-key cryptography. This new standard is being developed and endorsed by major technology companies like Apple, Google, and Microsoft. For further insights into the advantages of using passkeys, refer to the NCSC’s Passkeys: the Promise of a Simpler and Safer Alternative to Passwords.
How Passkeys Function
- Rather than a password, your device generates a pair of complex secrets for each website you register with.
- During registration, your device retains one secret and shares the other with the website.
- When you log in, your device verifies your identity (through your preferred unlocking method) and can prove to the website that it possesses the device secret without divulging it.
- This process is incredibly swift, often eight times faster than traditional login methods involving usernames, passwords, and two-factor authentication, while being more secure.
Benefits of Passkeys
- They prevent phishing attacks. Each passkey is unique to the website it was created for, so your device cannot be tricked into using it on a fraudulent site.
- Even if a website suffers a hack, your passkey remains safe, as it is unique to that site, unlike a password, which may be reused across multiple sites.
- Passkeys work well with biometric systems. Devices authenticate users through the unlocking methods they prefer, such as Face ID, fingerprint, or PIN.
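The registration and login steps under "How Passkeys Function" and the phishing resistance listed above can be seen in a short Node.js sketch. This is an added example, not code from the NCSC article: it is a simplified challenge-response rather than the real passkey message format, and the class names, the user name and the `shop.example` origins are constructed for illustration.

```javascript
// Added illustration: simplified passkey-style login (assumed names, not a real API).
const crypto = require('node:crypto');

// Device side: one key pair per website, stored under that website's origin.
class Device {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);  // the device secret never leaves the device
    return publicKey;                   // the other half is shared with the website
  }
  // Sign the site's challenge together with the origin the browser is really on.
  login(origin, challenge) {
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null;       // no passkey for this origin: nothing to offer
    const signed = Buffer.concat([Buffer.from(origin), challenge]);
    return crypto.sign('sha256', signed, privateKey);
  }
}

// Website side: holds only public keys, so a breach here exposes no login secret.
class Website {
  constructor(origin) {
    this.origin = origin; this.publicKeys = new Map(); this.pending = new Map();
  }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);  // fresh for every login attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user);                 // each challenge is single use
    if (!challenge || !publicKey || !signature) return false;
    const signed = Buffer.concat([Buffer.from(this.origin), challenge]);
    return crypto.verify('sha256', signed, publicKey, signature);
  }
}

function demo() {
  const device = new Device();
  const site = new Website('https://shop.example');      // constructed origin
  site.enroll('amy', device.register(site.origin));
  const genuine = site.verify('amy', device.login(site.origin, site.newChallenge('amy')));
  // On a look-alike origin the device finds no passkey, so no response exists.
  const lookalike = device.login('https://shop-example.test', site.newChallenge('amy'));
  return { genuine, lookalike, lookalikeAccepted: site.verify('amy', lookalike) };
}
```

Calling `demo()` returns the outcome of a genuine login and of a login attempted from the look-alike origin.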
Why You Should Implement Passkeys
Passkeys are being rapidly adopted. Companies like Google, eBay, and PayPal already support their use. They are straightforward, tough to compromise, and help mitigate password fatigue.
Can You Trust the Technology?
Indeed. The password managers and passkey systems currently in use are founded on solid security principles. When utilized correctly, these tools provide enhanced protection compared to relying solely on memory, sticky notes, or the practice of reusing passwords.
Final Recommendations
- When selecting tools, consider their reputation as part of your trust assessment.
- Maintain the security of your devices by keeping them updated and using biometric locks.
- Back up your recovery options using techniques like recovery keys or trusted contact lists.
- Don’t hesitate to embrace innovative security practices such as passkeys; they are user-friendly and represent the future direction of the internet.
For additional information on Managing Your Passwords, consult our Top Tips for Staying Secure Online guidance.
Amy B
Head of Citizen Resilience, NCSC
Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/trust-the-tech-using-password-managers-passkeys-to-help-you-stay-secure-online