The Weekly Breach Breakdown: Open Sesame: The Passkeys to Success – The End of Passwords Nears

• Google recently announced that they have begun to roll out passkeys, which let you log in with a fingerprint, face scan or screen lock PIN. The latest news hints that the end of passwords could be nearing.
• Passkeys are easier to use and more secure than passwords. They do not require you to rely on the names of pets, birthdays or special characters. They are also resistant to online attacks like phishing attacks.
• If you have a Google account, you can try them out at co/passkeys. For Google Workspace accounts, administrators will soon have the option to enable passkeys for their end-users during sign-in.
• Passwords still work for Google accounts, and the Identity Theft Resource Center (ITRC) encourages everyone to use strong and unique 12+ character passphrases for all of their accounts if passkeys are not available.
• To learn about data compromises, consumers and businesses should visit the ITRC’s improved data breach tracking tool, notified.
• The ITRC has launched a beta test of a new service for businesses that want to ensure they receive a notice when a data breach is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”.
• If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live chat on the company website, idtheftcenter.org.

Open Sesame: The Passkey to Success

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for May 26, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we discuss the importance of strong passwords, passphrases and passkey protection. In particular, we talk about news from Google on the implantation of passkeys, possibly meaning the end of passwords.  

Whether to keep ancient treasures safe from thieves or guard secret speakeasies, passwords have been used as the first line of defense against bad actors. However, these days, you’ll need something stronger than ‘Open Sesame’ to keep identity thieves at bay.

The Importance of Strong Passwords

Passwords are a crucial aspect of online security. Keeping them safe is your first line of defense against bad actors. One recommended way to keep your accounts secure is using passphrases instead of traditional passwords. Passphrases are longer than typical passwords and consist of multiple words – usually a saying you can remember. It makes them easier to remember and more challenging to crack.

Experts recommend that passphrases be at least 12 characters long and contain a mix of upper and lowercase letters, numbers, and symbols. It ensures they are strong and secure enough to protect your accounts from unauthorized access.

What Are Passkeys?

You may have also heard of passkeys. Passkeys are a newer way to sign in to apps and websites. Passkeys let users sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan or a screen lock PIN or pattern. Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than SMS one-time codes.

Google Begins Rollout of Passkeys

For the first time, Google has begun the rollout of passkeys, which could mean the end of passwords. Last year, Google, Apple, Microsoft and ITRC partner the FIDO Alliance announced they would begin work supporting passkeys on their platforms. On Google accounts, there will be an additional option to sign in, alongside passwords and multi-factor authentication (MFA). They can be tried out at g.co/passkeys. For Google Workspace accounts, administrators will soon have the option to enable passkeys for their end-users during sign-in.

Passkeys and Passphrases Keep Your Online Accounts Secure

Remember, a strong password is your first line of defense against cybercriminals. By using passphrases or passkeys and following best practices for password safety, you can keep your online accounts secure and protect your personal information from theft or misuse. It is also still important to create different passphrases for every online account and enable MFA with an app when possible. You should avoid using the same or similar passwords for work and personal accounts and never share login credentials with others, even trusted family members.

The ITRC is an excellent resource for learning more about password safety and identity theft prevention. We can offer tips and advice on creating strong passwords, securing your accounts and protecting your personal information online. While passkeys continue to evolve, it is not the end of passwords – yet.

ITRC Breach Alert for Business Coming Soon

The ITRC continues a beta test of a new service for businesses, Breach Alert for Business, that want to ensure they receive a notification when a data breach at a vendor or partner is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Be sure to check out our sister podcast, the Fraudian Slip, for the latest in all things compromise, crime, and fraud that impact people and businesses. Last week, we discussed the findings from our 2022 Trends in Identity Report. We will return next week with another edition of the Weekly Breach Breakdown.