Proton's Password Manager Adds Passkey Support While Criticizing Big Tech for "Walled Gardens"

Proton, known for its secure email system, has introduced passkey support for its password manager, Proton Pass, but not without taking a jab at "Big Tech" for keeping users' passkeys behind "walled gardens." In a recent blog post, Son Nguyen, founder of SimpleLogin and a developer at Proton Pass, criticized Apple and Google for prioritizing their ecosystems over creating an open, interoperable solution.

"Although passkeys were developed by the FIDO Alliance and the World Wide Web Consortium to replace passwords, their rollout hasn't lived up to expectations," Nguyen wrote. "Instead, Apple and Google have used the technology to keep users locked into their platforms, undermining the universal adoption necessary for passkeys to truly replace passwords."

Proton isn't alone in this sentiment. Roger Grimes, a defense evangelist at KnowBe4, agrees that the existing implementation of FIDO passkeys contributes to vendor lock-in. Grimes pointed out that FIDO is aware of the problem and is working on an updated version of the passkey standard to address it.

The FIDO Alliance, however, pushed back against Proton's claims. Executive Director and CEO Andrew Shikiar stated, "Passkeys were never intended to be exclusive to Big Tech. We've always envisioned an open ecosystem, which is why companies like 1Password and Dashlane are part of the FIDO Alliance." He emphasized that the Alliance is actively working on a new protocol to enable credential portability.

Despite the FIDO Alliance's assurances, Nguyen noted that the hasty rollout of passkeys by some companies has resulted in clunky user experiences. "Some password managers only support passkeys through a web extension, which complicates logging in on mobile devices," he explained. He also criticized the lack of free passkey options, with most requiring a paid plan.

However, Darren Guccione, CEO of Keeper Security, highlighted the advantages of passkeys. Unlike traditional passwords, passkeys rely on public-key cryptography, providing a more secure authentication method. Passkeys are inherently phishing-resistant, as the private key never leaves the user's device and is not transmitted over the network.
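The property described above, as an added example (not code from the article, Proton, or the FIDO Alliance): a simplified WebAuthn-style sign-in in Node.js where the site stores only a public key and the device signs the server's challenge together with the page origin. It goes one step past the paragraph by also showing the origin and challenge checks; the domain names are constructed, and the authenticator data is reduced to the rpId hash as a stated simplification.

```javascript
// Added example: simplified WebAuthn-style check; names and domains are constructed.
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require("node:crypto");

const sha256 = (data) => createHash("sha256").update(data).digest();

// Registration: the key pair is created on the device; only publicKey goes to the site.
function createPasskey(rpId) {
  const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { rpId, publicKey, privateKey };
}

// Device side: sign the challenge together with the origin the browser reports.
function signAssertion(passkey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // Simplification: real authenticator data also carries flags and a signature counter.
  const authenticatorData = sha256(passkey.rpId);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign("sha256", signed, passkey.privateKey) };
}

// Server side: every check uses the stored public key; the server holds no secret.
function verifyAssertion(stored, expected, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return "wrong type";
  if (clientData.challenge !== expected.challenge.toString("base64url")) return "challenge mismatch";
  if (clientData.origin !== expected.origin) return "origin mismatch";
  if (!assertion.authenticatorData.equals(sha256(expected.rpId))) return "rpId mismatch";
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return verify("sha256", signed, stored.publicKey, assertion.signature) ? "ok" : "bad signature";
}

function demo() {
  const rp = { rpId: "shop.example", origin: "https://shop.example" };
  const passkey = createPasskey(rp.rpId);
  const stored = { publicKey: passkey.publicKey }; // all the site ever keeps
  const challenge = randomBytes(32);
  const expected = { ...rp, challenge };
  const good = signAssertion(passkey, challenge, rp.origin);
  const relayed = signAssertion(passkey, challenge, "https://shop-example.test");
  const rewritten = { ...relayed, clientDataJSON: good.clientDataJSON };
  return {
    genuine: verifyAssertion(stored, expected, good),
    lookalike: verifyAssertion(stored, expected, relayed),
    rewritten: verifyAssertion(stored, expected, rewritten),
    replayed: verifyAssertion(stored, { ...rp, challenge: randomBytes(32) }, good),
  };
}
console.log(demo());
```

A breach of the site's credential store in this model exposes only public keys, which cannot be used to sign in.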

Despite the potential of passkeys, Guccione cautioned that they are unlikely to supplant passwords entirely in the near future. "Among the billions of websites in existence, only a fraction support passkeys. This limited adoption is due to various factors, including platform support, website adjustments, and user-initiated configuration," he noted.

Nguyen agreed that passkeys need widespread adoption to be truly effective. "Like many online features, passkeys benefit from a network effect. The more sites and services that use them, the more effective and secure they become," he wrote. However, he criticized Big Tech for focusing on commercial interests instead of providing a universal security solution.

In conclusion, while passkeys represent a promising step towards a more secure and passwordless future, their success depends on broader adoption and a commitment to interoperability. As companies like Proton push for a more open approach, the journey toward a world without passwords continues.


Zil-e-huma

Content Writer 

Kairiz Cyber Technologies (SMC-Private Limited)
