The Limited Times

Now you can see non-English news...

The Complete Password Guide: How is it safest to log into your websites and apps? - Walla! technology

2023-01-16T11:11:03.692Z


Why is it better to get rid of passwords altogether, and if you have to use them, why is it better to do it with one central account like Google or Apple? Instructions


Passwords (Photo: ShutterStock)

For most of us, the holy pair of username and password has become a permanent thing in our lives until it is imperceptible, like saying "Hello".

Our digital saying of peace is in the bank, in the supermarket's app, in the app of the preferred gas station (of course!), to Spotify, to Facebook, to Google, to Apple, etc., etc.

But already today the big technology companies are moving towards a password-free world.

Not only do you not have to remember a million different combinations, a world without passwords is also safer.

This guide is going to give you some order.

Passwords are not secure

Today's accepted convention in the security and cyber world is that passwords, by their very nature, are an insecure business.

It is enough to see the fiasco that happened to the password manager LastPass where millions of passwords that were concentrated in one basket were stolen and are now in danger, or to hear news every morning about people who fell victim to a phishing attack or who obtained their password in another way and fell victim to impersonation, identity theft, and more.

So passwords alone are already out.

What do we have instead?



To add a more effective layer of protection, technology companies came up with three possible solutions:

1. Two-step verification

- where an additional verification component is sent to you, usually a numerical code, in an SMS message or directly to a device that is recognized as a recognized and safe device, such as your smartphone.



2. Biometric authentication

- use of a biological component with details unique to you such as facial features or a fingerprint.

This is actually what most of us already use today every time we unlock our smartphone or computers from recent years as well.

The companies use the scanning device that is already present in the device to add a layer of security to your daily uses, and biometric security is considered the best option at the moment.



3. SSO central account

- The big companies like Google, Facebook, Microsoft, Apple and also Amazon in some cases, offer us to use our account with them to connect to other websites and services, which is known in the professional parlance as Single Sign On or SSO for short.

The advantage of this method is that you don't have to remember a separate password for each site, but it's also a bit like putting all your eggs in one basket (although all companies use one of the two previous methods for their account).

More in Walla!

How do you turn a plastic package into a flower pot?

In cooperation with the Tamir Recycling Corporation

Biometric authentication - use of a biological component with details unique to you such as facial features or a fingerprint (Photo: GettyImages)

"Biometric authentication, multi-step authentication, or authentication using existing accounts help protect against the risks usually associated with using only passwords," explains Aviad Mizrahi, the CTO of FrontEgg, which provides a user management system for apps and websites.



"First, without passwords, it is much more difficult for hackers to break into protected laptops, smartphones and apps. Biometric authentication is optimal, as it is almost impossible for them to mimic a face or fingerprint from a remote location. In addition, it also significantly improves the user experience of customers when it allows users to register and enter the service faster. Second, even if passwords are already used, with the help of two-step verification, SaaS (software as a service - n.l.) companies can add another layer of security," adds Mizrahi.


So, as mentioned, what is most recommended, if possible, is to get rid of the use of passwords altogether, because the use of the password itself is a weak point that hackers can attack or steal.

"Without passwords, it's much harder for hackers to break into laptops, smartphones and apps" (Photo: Pixabay.com)

Get rid of the password?

It is possible

Microsoft offers those who use its services to make the account without a password already today, using a smartphone with a fingerprint reader as the main means of identification, and replacing the username and password.


Similarly, about a month ago, Google released a similar option for Chrome users - starting with version 109 of the popular browser, you can use passkeys as a replacement for passwords, using your smartphone or a physical security key that can be purchased separately.



But, even if psychologically or technologically you are still unable to say goodbye to the use of passwords, and everything we have described now sounds complicated and scary to you - the recommendation is that when registering for new sites that allow this, do not create a separate password for them, but use login with a central account (SSO) as we described brings up.

One from Google, Facebook, Microsoft or Apple, when on this central account, two-step verification is of course activated, for added protection:



"Logging in to devices, apps and websites using a Google, Microsoft, or Facebook account is not dangerous in itself," Mizrahi tells us.

"On the contrary, similar to biometric authentication, it actually increases the security level of the authentication. At the same time, since the login to Google, Apple or Facebook is with the help of a password itself, the disadvantages of authentication with a password are preserved, and therefore the risk is preserved when entering the next party in the chain. Therefore, We recommend minimizing the use of passwords for login verification in general - but, if you're already facing a new login screen or creating an account, logging in with Google/Microsoft/Facebook will be preferable to creating a new password. Just please stay safe and ensure two-step verification on accounts as well These", recommends Mizrahi in conclusion.

  • technology

  • privacy and security

Tags

  • Passwords

Source: walla

All tech articles on 2023-01-16

Trends 24h

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.