The Weekly Breach Breakdown Podcast by ITRC - Knock Knock - S3E16

Show Transcript

Knock, Knock

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for June 10, 2022.  Each week, we look at the most recent events and trends related to data security and privacy. This week we talk about the bane of most people’s online existence – the password. We also look at Apple passwordless authentication, coming soon.

Passwords have been around since ancient times. One of the earliest descriptions of a password can be found in military manuals from the early Roman Empire – when code words were used to ensure whoever was entering a camp was who they claimed to be. Later, Shakespeare wrote in That Scottish Play the words every child knows – “Knock, knock, who’s there?”

From those humble yet effective beginnings, we have come to a point where passwords – or passcodes as they are sometimes known – are widely prized by identity thieves. They are universally hated by everyone who has more than one or two accounts.

Passwords: A Weak Link in Cybersecurity

We talk a lot on this podcast about how passwords are often the weakest link in cybersecurity. Identity criminals know that. They take full advantage of the fact that more than 80 percent of people admit they use the same or similar passwords on every account they have.

Apple to Turn to Passwordless Authentication

Earlier this year, Microsoft announced they were going passwordless inside the company. They also said they would eventually make passwordless computing available to every Windows user. This week, Apple announced a similar plan that will roll out this fall for all users of Apple devices and products that also connect to the Apple ecosystem of products.

How Apple Passwordless Authentication Will Be Done

Working with the FIDO Alliance, a group that the ITRC also works with to help protect online identity use, Apple will launch a new feature known as Passkey, a digital key designed to help protect users from bad actors that will replace a user’s passwords.

Passkey will be built into the next version of the Apple operating systems. It will take advantage of the Mac device’s biometric features, known as TouchID for fingerprints and FaceID for faces.

The beauty of these features is that the Passkey information will work with websites and applications requiring credentials. Unlike today, the data will never leave the user’s device and be sent over the open web.

In announcing Apple passwordless authentication this week, one vice president described the new system this way:

“When users create a passkey, a unique digital key is created that only works for that site. Since the passkey never leaves your devices, hackers can’t trick you into sharing on a fake website. And passkeys can’t be leaked because nothing secret is kept on a website.”

Passkey Will Also Work on Non-Apple Devices

One other bit of good news as the traditional password begins to fade away: Apple worked with members of the FIDO alliance, including Google and Microsoft, to ensure passkeys will work seamlessly across non-Apple devices.

If you are a particularly curious user with mad tech skills, you can download a developer beta version of the new macOS Apple passwordless authentication that includes Passkey. The rest of us will have to wait until the fall.

Contact the ITRC

If you want to learn more about protecting yourself or your business from identity crimes, or if you think you have been the victim of an identity crime or compromise, visit our website at www.idtheftcenter.org. You can speak with an expert advisor on the phone (888.400.5530), chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). 

Next week, we will start a two-part series on our sister podcast, the Fraudian Slip. Two of the nation’s leading privacy attorneys will guide us through a deep dive into five state privacy laws and the possibility of a long-sought national privacy law. We will be back in three weeks with another episode of the Weekly Breach Breakdown.