Download Publication
Who it's for:
- IT Security Professionals
- System Administrators
- Software Developers
- Cybersecurity Analysts
- Network Engineers
Beyond Passwords: The Role of Passkeys in Modern Web Security
Release Date: 11/12/2023
Working Group: Identity and Access Management
Web authentication methods have evolved significantly over the years to improve security and the user experience. In the early days of the internet, usernames and passwords were the primary means of authentication. Next came two-factor authentication, which added an extra layer of security but is rather inconvenient. This paved the way for the emergence of Passkeys as a more secure and user-friendly authentication method.
This research publication positions Passkeys as a revolutionary step towards passwordless authentication. It offers an in-depth explanation of how Passkeys work, while also contrasting them with other authentication methods. By leveraging the latest in cryptographic techniques and FIDO standards, Passkeys significantly enhance security while simplifying the user authentication process.
Key Takeaways:
- What Passkeys are and how they operate using cryptographic keys
- The security advantages of Passkeys over traditional passwords
- How Passkeys improve security by reducing the risk of phishing and other attacks
- How Passkeys integrate with WebAuthn and FIDO standards
- How to set up and manage Passkeys across different devices and operating systems
- Potential vulnerabilities and best practices for maintaining Passkey security
Download this Resource
Acknowledgements
Andrew Klaus
Andrew Klaus
Mark Loveless
Mark Loveless
Guillaume Rossolini
Guillaume Rossolini
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...
Kurt Seifried
Chief Innovation Officer, CSA
Kurt Seifried
Chief Innovation Officer, CSA
For over two decades, Kurt has excelled in information security, starting with Windows and Linux, and advancing to cloud computing and AI. With a strong focus on AI security, privacy, and open source, Kurt brings extensive expertise to the Cloud Security Alliance (CSA).
Are you a research volunteer? Request to have your profile displayed on the website here.
Interested in helping develop research with CSA?
Related Certificates & Training
Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage information from CSA's vendor-neutral research to keep data secure on the cloud.
Learn more
Learn more
For those who want to learn from the industry's first benchmark for measuring Zero Trust skill sets, the CCZT includes foundational Zero Trust components released by CISA and NIST, innovative work in the Software-Defined Perimeter by CSA Research, and guidance from renowned Zero Trust experts such as John Kindervag, Founder of the Zero Trust philosophy.
Learn more
Learn more