Should you stop logging in through Google and Facebook? Consider these SSO risks vs. benefits
"Here on ZDNET, I've been writing a lot about passkeys -- the FIDO Alliance-backed passwordless replacement for traditional usernames and passwords. As far as I'm concerned, all organizations and users on the internet cannot make the move soon enough. However, I was reminded of how challenging and lengthy that transition will be (sadly, 10 years is my estimate) when I recently encountered warnings to change my password for ChatGPT."
"There was only one major problem: While I have a login to OpenAI, I suddenly realized I didn't have an OpenAI password. Wait. What?! How is that possible? Now what do I do? And why do freaky technical emergencies like this always happen at the worst possible time? And what kind of hypocrite am I to be recommending passkeys to everyone while not using a passkey to log into ChatGPT?"
Many websites let users sign in via existing consumer SSO providers, creating centralized credential hubs that increase risk when those providers are breached. Passkeys provide a passwordless authentication method that compartmentalizes credentials and can render many breaches irrelevant to individual accounts. Transitioning the internet ecosystem from passwords and SSO dependence to ubiquitous passkey use will be slow and difficult, with a multi-year timeline likely. Real-world incidents, such as warnings after a service breach, illustrate how SSO centralization and legacy password expectations can leave users uncertain about when password changes are necessary.
Read at ZDNET