Passwordless Passkey Logins 2023 - Are they Safe for Privacy?
ฝัง
- เผยแพร่เมื่อ 16 พ.ค. 2023
- I will perform an in depth review of the new Passkey technology being introduced by Google, Apple and Microsoft as an alternative login to their operating systems beginning in late 2023.
This standard was established by the FIDO Alliance and sooner, rather than later, most applications and platforms will be using this.
We will analyze the concerns that came to my mind immediately after hearing how this technology works and we will see if it creates a new risk to our privacy or not.
FIDO Passkeys Video
• Passkeys in Action
-----------------------------------
BraX2 Privacy Phone is now available on brax.me. Sign in to the platform to see the store.
-----------------------------------
Merch Store
my-store-c37a50.creator-sprin...
-----------------------------------
I'm the Internet Privacy Guy. I'm a public interest technologist. I'm here to educate. You are losing your Internet privacy and Internet security every day if you don't fight for it. Your data is collected with endless permanent data mining. Learn about a TOR router, a VPN , antivirus, spyware, firewalls, IP address, wifi triangulation, data privacy regulation, backups and tech tools, and evading mass surveillance from NSA, CIA, FBI. Learn how to be anonymous on the Internet so you are not profiled. Learn to speak freely with pseudo anonymity. Learn more about the dangers of the inernet and the dangers of social media, dangers of email.
I like alternative communication technology like Amateur Radio and data communications using Analog. I'm a licensed HAM operator.
Support this channel on Patreon! www.patreon.com/user?u=17858353
Contact Rob on the Brax.Me App (@robbraxman) for encrypted conversations (open source platform)
brax.me/home/rob Store for BytzVPN, BraxRouter, De-googled Privacy AOSP Phones, Linux phones, and merchandise
bytzvpn.com Premium VPN with Pi-Hole, Cloud-Based TOR Routing
whatthezuck.net Cybersecurity Reference
brax.me Privacy Focused Social Media - Open Source
Please follow me on
Odysee
odysee.com/$/invite/@RobBraxm...
Rumble
rumble.com/c/robbraxman - วิทยาศาสตร์และเทคโนโลยี
Another classic.
And (seemingly) some actual good news!!
I had no idea how biometric log in worked, so your clear explanation was very helpful.
Thank you, Rob.
They can put your finger on the phone or hold the Camera up to your face to access you phone. Dead or alive.
I keep saying this ever since I first encountered Passkeys. My Buddy filmed some cops breaking the law and that's exactly what they did - they physically forced him to unlock his phone with his thumb and they deleted that evidence. Biometrics aren't that safe as they tell us
Thanks for all the research you do and effort you put into explaining it to all of us. I REALLY appreciate all your hard work.
Rob, you are a main source of trusted and competent information on computer privacy on TH-cam that one can refer to. So is the case with passkeys here. Thank you.
Thank you very much for this video!
I dont comment much but ive been looking for a video that properly way up the cons for this type of technology. Thank you Sir
So well Xplained! TY
Brax you save my life every time
Thanks for the info rob. You are amazing
After failing to find any real information online about this, I went strait to your channel, searched it for the word "passkey", and bam, exactly what I needed.
Your my new google when it comes to privacy. The google results were just terrible.
I like the colors in the background on your pic. Purple, mauve, medium pink are my favorite colors.
People that use their real names on TH-cam are the favourites of data miners too.
Then authorities cannot only unlock your phone by forcing your finger on the sensor, or your face I front of the camera, they then have access to everything where passkeys are used.
Brilliant idea.
NO EFFING WAY!
You are not forced to use Biometrics. You can use pin code Doesn't matter how you unlock it
@@robbraxmantech true, but 98% of the users will fall for the convenience factor and USE fingerprint or face, and then they're really screwed.
Then just lock your phone with a password and use fingerprints for passkeys. Unless you give the authorities your password, your passkeys are most likely safe.
@@robbraxmantechHey Rob, great video, thanks for the hard work you put into your passion and motivation. Keep up the great work.
still they can force you in court!
I'm glad to see that passkeys pass your scrutiny, for now at least.
Biometris are not fine, companies like meta and tiktok already have all the biometrics they need from you. Another problem with passkey, if you lost, broke or get your phone stolen with all your security related in there? How you are gonna recover whatever you need to recover without your phone or keys?
Either way, once you biometrics are compromised, you're done! Passwords we can change, we can't change our iris, face or finger prints.
i think you can save the passkey on All other Devices, PC, Laptop, security Key
And how exactly would finger print be compromised? That seems like a far more difficult task than hacking a password via phishing emails or texts.
@@ryanc9888 Today's smartphones can read your fingerprints through the screen, just recently people noticed that Apple phones take a screenshot of the user's face using UV light, what else don't people know about? Another way to compromise your fingerprints was revealed in 2017, when scientists (from Japan's National Institute of Informatics (NII)) extracted fingerprints from photos taken from up to three meters away or 9.8 feet (Google it). That was with 2017 cameras, imagine what they can do with today's cameras when people make "V" signs or expose their palms.
As you can see, this is just too easy. It doesn't matter if a company promises that your fingerprint is protected by "layers of security and cryptography" if people are giving it away to anyone for free.
There goes your "security" if you protect everything you have with "fingerprints" or biometrics in general.
You have no idea how biometric work and didn't care to see the entire video where he is clearing this misconception.
@@nitinkumar29 I wasn't talking to you, no one cares about what you think.
A big downside of biometrics is legal. You can be compelled to unlock a device with biometrics. You have a valid 5th amendment defense to not reveal a password or pin.
Passkey is already available on Google as of a few days ago. I don't like the idea of anyone is storing my passkeys. That should be optional because I'd rather have a backup device with it's public private key pairs or a local offline backup. We can also use passwords as a backup method to get in for now.
"A big downside of biometrics is legal. You can be compelled to unlock a device with biometrics. You have a valid 5th amendment defense to not reveal a password or pin."
For the record, I live and work in Europe and I suspect you are in the USA but as far as I am aware, this is not "legal" currently - there has been no legal ruling either way over being forced to bio metrically unlock a device for legal authorities and therefore, until challenged in a court, it's covered under the Fifth Amendment of having the right to not be a witness against yourself. Therefore, at this moment in time, what you are saying is not true and I speak as someone who has worked for an American company as a cyber-security and data privacy specialist for 15 years now.
"Passkey is already available on Google as of a few days ago."
And that as good a reason as any to not use it - Google is equal to both Faecesbook and Apple in terms of destroying personal data privacy.
"I don't like the idea of anyone is storing my passkeys."
They don't "store your passkeys", the passkeys are stored on the phone - the biometric data you provide on the phone merely validates the pass key. And what concerns me is not just the fact that you don't understand the technology but you seem to be fine using what appears to be your real name on here.
"That should be optional because I'd rather have a backup device with it's public private key pairs or a local offline backup."
Sorry, I don't understand this point at all - you're saying that on some backup devices you would use key pairs and others you would not? So where are you making the distinction because the keys can be used either to control access to the data or to encrypt the data at rest - or both. If you feel that your backup contains information sensitive enough to be encrypted, why would you only encrypt one particular backup type? Why would you not treat every backup type the same and just encrypt all of them?
@@terrydaktyllus1320 Did you even watch Rob's video? Point 4 says your keys are backed up to the cloud. A quick search will reveal the 5th amendment has been used and upheld in regard to a password.. Do a quick search before posting detailed rants.
@@jmr Don't be a baby. Only a baby would call a comment that they disagree with a "rant" and it's just you trying to paint the "irrational" emotions you want to on my comment in an attempt to "cancel" it, rather than debating intelligently like an adult.
Now, you have an opportunity to act like an adult - I am aware of no case that holds biometrics against the 5th amendment based on the research I have already done in my work time.
It is not my job to do "homework" you set me to make you look right - so if you believe there's a case that proves your point that forced biometric access is allowed in law, then provide some specific detail (names, dates, etc.) and I will happily look them up. I recognise you probably can't post a link here, but if you are that confident that such exists then you can provide detail here for me to go and cross-reference - but I am not searching through pages of results just to find one that proves you right.
Yes, I did watch the video (as I do all of Rob's videos) and it is common for "keys" to be held in the Cloud - usually public encryption keys that you might use for authentication onto VPS servers. I do not recall any mention of Passkeys being installed in the Cloud, in a similar way that pass phrases on public and private keys are not stored at both ends either.
So over to you now - are you a whiny baby or an adult?
Fortunately, Biometrics is not required. Just whatever way you normally unlock your device. But on a computer fingerprint may be the only alternative
I never use biometrics. I can always forget my pass codes.
GREAT!
Hey Rob that is your take on the yubikey .
My favorite is that they collect probably millions+ of dollars worth of my personal data. And I get none of those funds they make from my data. Any terms I am under in using apps is under durress; I have no alternative if I need to use the app. I love it.
This is basically GPG with a good user interface :) This is a really good move forward.
I have a couple of concerns:
1. The bluetooth connection: is it just the auth data being transferred or will there be additional information like GPS coordinates "for security"? Yubikey might get around this, but most people will use their phones without knowing what's going on.
2. Offsite backups become a necessity. Try proving to Facebook that your house burnt down and you lost your computer and phone in the fire. You might need to nominate an emergency recovery contact who doesn't live anywhere near you. What happens if you die?
3. This basically requires a TPM "secure enclave" on your device, to hold the keys and biometrics. What happens to these devices when they get old or if they are bugs? Remember, biometrics are not secret, so they should be treated as a username, not a password. Don't give people an incentive to chop off your fingers in order to empty your bank account.
Its a great step forward, but there are no silver bullets.
Never let anybody else hold your keys. Not Google, not Apple, no one. The rule is : Not your keys, not your data. Meaning if you arent the one holding your own keys fully and solely, then you arent in control.
This issue reminds me of the auto-maker's thinking that Biometrics would prevent cars being stolen but all it did was push the violence towards to owner ( a pair of garden clippers are all that's required to remove a thumb of finger in order to unlock the car ) thankfully technology moved forward and the concept was binned... A Electronic pass-key was the more sensible solution and maintained the status quo in regards to keys being physical object... e.g; Yubico has many electronic key solutions available... This FIDO technology looks like a good step forward...
Not so sure I believe people will start forcing using the owners biometrics or the violence on owners. It is highly unlikely for the average person..
I liked Steve Gibson's Squirrel proposal better. One GUID for each person, doesn't matter how many devices you have. But that dog is no longer in the hunt.
Would love to hear your expert opinion on the new function that ledger hardware wallets introduced that has crypto twitter in an uproar.
👍👍👍
There's a huge risk regarding security.
Because, once a device (a phone) has a Passkey setup on it, all one needs to login to any website is the physical ownership of the said device, and the knowledge of the way to unlock the phone screen. Something the owner does multiple times each day.
If it's still the old PIN or pattern way, a criminal could easily watch and learn it from a little further before snatching the phone.
And if it's the biometric way, then there could be some unpleasant persuasion involved.
I'm not convinced this Passkey thing is a step in the right direction, and I'm not ready to give up security for the convenience of not having to manage passwords plus use a 2FA app.
(Sorry if my english is not very good.)
By your logic, there's no point putting locks on the doors into my house because someone could just get in with a lockpick or crowbar.
Passkey has the potential to link your real identity to any anonymous login that you use, therefore it is potentially bad from a privacy perspective. But anything that applies an additional security layer to a system (known as "defense in depth" by those of us who work in the cyber-security industry) is usually considered a good thing.
Security and privacy are completely different issues.
@@terrydaktyllus1320 My english must be really bad, cause I have the impression you completely missed the point of what I said.
-"By your logic, there's no point putting locks on the doors into my house because someone could just get in with a lockpick or crowbar.":
???? What???? I was saying that I'd rather keep my present security method (passwords + 2FA app) than switch to Passkeys. I never implied than I'd prefer no security scheme than Passkeys...!!!
-"Passkey has the potential to link your real identity to any anonymous login that you use, therefore it is potentially bad from a privacy perspective."
I don't even touch on the privacy matter, so I don't see the relevance of this.
-"But anything that applies an additional security layer to a system (known as "defense in depth" by those of us who work in the cyber-security industry) is usually considered a good thing."
Yes, obviously, but I think that Passkeys just does the opposite.
-"Security and privacy are completely different issues."
Yes, I know, and once again, I never even touched on the privacy matter, so I don't see the relevance of this.
It's people's problem if they lose their phone, currently phones are one of people's most prized possession and treat it with as much respect as their house key.
The only major difference is (with education), people will be discouraged from sharing their device pin or using biometric only passkeys.
Also, and this is important *you can't remotely unlock an account with passkeys*, you need the phone. This is a *huge* security plus. Since most cyberattacks are remote
This is no worse than the majority of the current MFA usage. Ideally, we would combine the biometrics with at least a pin. The biometrics ensures the owner is present and the pin ensures a mugger doesn't just take the phone and point it at your face.
There are a significant advantages:
1. there is no password stored at the destination website which can be used for anything. If linked-in get's hacked again, there are no passwords for them to steal.
2. There are two key pairs - one for you and one for the destination. They are combined for authentication. The key pair is specific to the authentication device (phone) *and* the destination. This means that if someone impersonates the destination website, the passkey won't work. There's no password to enter, so they can't steal your password. This eliminates phishing.
3. If you have multiple devices in different places, you don't really need to backup your private key. Apparently this is how Apple uses "other devices" to authenticate a user to new devices (and the point of the QR code). You link multiple unique passkeys to the same account and they can all have the same access.
4. the passkeys are automatically unique - they are never re-used so hacking one site provides no benefit to help them to hack another site.
5. Using biometrics means you need to be physically present. Your account can't be hacked from across the internet.
There are disadvantages but those are less about the keys themselves.
Nothing will be fully secure, that said pass keys will absolutely reduce phishing scams.
FYI: My MacBook has Touch ID. Ventura does have passkeys. I’ve implemented passkey authentication into a web based application that I’m writing so that the web app accepts passkeys. I do not need my phone at all.
What if someone get my Pin and the Steal my Phone, Can I then directly Block that passkey from another device from me so that the robber from then has no access to All of my data and Accounts?
You mentioned lowering the price on your phones when you get them in. Any updates on when you may be getting shipment?
It turns out that I'm low on stock. My stock will likely only last through June. So no discount is possible
I am a retired network engineer and over the years I have literally hundreds of logins. Some of them I use everyday, or almost everyday. I have used a simple method in Excel to creat strong passwords and store them in an encrypted workbook. I decided I would try a Thetis Fido key with NFC. What a mess it is to setup and I guess it’s my fault for not ubderstanding
I'm doing exactly the same since few year, encrypted excel sheet.
👍🙏
Are passkeys actually stored in the cloud? Thought they were stored on the device only.
07:42
Face ID translation.
Q: could the Data points related to a "face" be reverse translated to recreate a " Picture" of face?
Is a reverse translation possible to create "Images" from data points collected by a face or fingerprint reader?
If it can be reverse translated then if someone gets/hacks into data points could also recreate an Image of the person. Correct??
Yes, but they are stored in a secure chip, so it's not easy to get them.
And you will need to perfectly make a face using those data points.
Face ID was tested against this by making masks of people's faces, and it wasn't fooled.
@@xE92vD "Perfectly make a mask using those data points".
"Reverse_Engineering" is not done with a manual stroke of hand brush on the wall or portrait.
Your reply has mixed up data points! 😉And so, you failed!
What happens when someone gets access to the passkey that's saved on your device??
That should be extremely difficult in a proper implementation but I have the same concern. I worry that some devices may implement passkey poorly but passwords without MFA is riskier then passkey in my opinion.
Passkey is meant to combat phishing, weak passwords, and password reuse.
What about the fact that google handed over all of their server access to china?? Also sigma and telegram and probably every ISP as well.. Anyone do a Whois lately?
It is extremely unlikely that any string of characters acting as validation for authentication is ever stored on your device in plain text format.
If you log onto a device with a password, or you log onto a web site with a password, what is actually stored on the device or web site is a "hash" of the password which is the result of carrying out a one-way mathematical function on your password. (In simple terms, think of it like using flour as an ingredient for an apple pie but when you've made the pie, you can never get the flour back out.)
When you log into the device or site with your password, the password you type in has the same mathematical function applied to it and the resulting hash is compared to the stored hash - if they match, you are allowed in. And, no, you cannot just use the hash instead of the correct password.
@@jmr "That should be extremely difficult in a proper implementation but I have the same concern. I worry that some devices may implement passkey poorly but passwords without MFA is riskier then passkey in my opinion."
And what's your rationale behind that statement? Mathematically, there are far more combinations of characters in, say, a password of 12 characters in length than there are in the combination of a password of 8 characters in length and a 4 digit PIN code used for 2FA on your phone.
Or is this just another thing you "believe" like you did with "forced biometric laws"?
"Passkey is meant to combat phishing, weak passwords, and password reuse."
Any form of authentication acts as a deterrent to phishing and in the 21st century, most access control systems on computers have password strength settings set by default that stop password reuse anyway.
@@terrydaktyllus1320 I don't know too much things...but your device and account has been risk out with single lock screen ..
my question is If someone guessed the lockscreen or if phone already got hacked by somehow..is it possible that someone just login to account within device + also getting risked of your device's storage in it?
Already Android has mny issues ..you know
Centralized security is convenient, esp. for the non tech savvy users.
But the risk of compromise is on another level - one point of breach will unlock access to everything for the given user.
Biometric identifiers can link not just the user, but the person, to whatever he uses or have used - and from legal point of view too, as the person is identifiable without any doubt.
Passwords are too early to retire, since they provide good level of protection - they are a decentralized form of protection (one breach does not unlock everything) and they are disposable (unlike your biometric data).
Big tech / big government to have access to your key (even encrypted) ? What, if they already have means to decrypt (or obtain such in the future). They can copy the backed up encrypted user private key, and store it for later decryption (when they have powerful enough quantum computing available).
At the moment this method is probably secure and very convenient for the avg Joe. But the possible security and privacy complications in the near future are a serious consideration.
THERE IS NO BIOMETRICS IN PASSKEYS. FYI
@@robbraxmantech most people will use biometrics for convenience on their phones. When a government decides to confiscate that phone and search - they can connect the trails in the phone with the logins online and thus the person will be 100% identified.
I dont think microsoft have passkeys or security keys as an only option. I have yubikey but i cant use it in microsoft as an only way of logging in, they have it as an option but you can still use password even with a key.
That's just MFA.
Doesn't matter if they have your password, as long as someone doesn't have access to your passkeys, your account is secure.
There will be pros and cons. What about the bad sites? If the transfer to passkey only they could pose as fake site to steal it. As long they research it. Real location can be change unless they create strict code for the phone checks else someone could fake it. PLus hardware phone checks is not easy to fake unless they hijack it.
Yubikeys already allow for use of passkeys with their 5 series keys so WHY would Yubico need to make another type of Key for passkey purposes? I'm confused.
Nope. This is Passkeys WebAuthn/FIDO passkeys implemented by the PLATFORM not by the hardware key. Same name but a whole different concept.
Don't trust them with anything.
"They hope that at some point you will delete your passwords and rely solely on passkeys."
I don't get this. Don't peope have smoke detectors in their homes? Flood insurance? Because we anticipate these emergencies. So how can we not anticipate that our passkey devices might be lost or destroyed in the same emergency? In a fire, you may have only seconds to leave your home before you are engulfed in smoke. "Wait a minute, where's my iphone?" You could get stabbed by a mugger who steals your device. These are at least as likely as a sim swap or superhacker cracking your master password. There you are in the hospital with no way to access your accounts.
As part of my security plan, I have a two-minute go-bag ready -- but I might not have two minutes. And what, do I carry a backup phone in my socks in case I get mugged? There are criminals in the real world too, not just in cyberspace.
Google's 1000% B.S. answer. "No problem, just log in with another device you have access to." i.e., Let's solve the problem by pretending it doesn't exist.
The way it's meant to be used: you have multiple devices with passkey and only then get rid of the password. And maybe have 'security codes' as backup, which are basically: offline large passwords.
@@autohmae But that doesn't address my question at all. I'm not talking about losing your yubikey in Starbucks. I'm talking about a fire that destroys all your devices. Or a car accident. I can assure you from experience, EMS isn't going to search your car wreckage for your yubikey before they take you to the Emergency Room.
Bitwarden does not allow any form of password reset. You can designate a trusted person like a family member. What if your family member is in the same fire or car accident? Talk about 'friction' logging in. Am I overly worried about real world threats -- as opposed to worrying that nation state superhacker is targeting all my multi-factors?
My security threat model doesn't presume normal day-to-day life.
@@bassmaiasa1312 you remember all the bitcoin believers ? they didn't trust the banks, but they believe bitcoin. Do you know what is ironic, part of their solution was: store the keys to their bitcoin at a lockbox at the bank.
What is wrong with authentication using any crypto wallet I have at hand? That tech is quite able to sign and encrypt and decrypt. Site to auth do would have me register the public key to a wallet of mine. Why do I need to involve anything I don't control? I smell a rat.
so you wont be able to login to your account if you use a device that don't have your private key. what if i'm poor and cant afford a computer or smartphone and need to go to the library how will people access their account? what if someone lose their phone during travel... what if my house catch on fire with evrything inside bro
Most of the services you will use to create passkeys most likely will also have a sync feature.
Password managers, for example, can be accessed from anywhere as long as you have the master password. So it is not a problem as long as you use password managers to create the passkeys.
Thats one thing Rob didn't talk about which I was interested to hear about, The usage of Third Party Managers. How do access your third party manager if you loose it on one device? Does one have to upload the third party manager on the cloud, such as 1password.
It is obviously BAD if BIG TECH owns it and is behind it. Not your keys? Where have we seen that before? Now a version that you own yourself on your own device with no phoning home to some Big Tech server would be possibly good. But a BIG NO on biometrics. That is the end of anonymity and pseudonymity online. So a phone likely more easily tied to me is required? So the phone is my digital ID in effect? And would it work with a de-googled phone? Biometrics are digital id. You do need to fear them unless you believe governments are not becoming more and more draconian and unless you think positive ID everywhere is not a major boon to tracking all you do. This is a very real danger to your privacy. You have done a good job on telling of the dangers of BLE. It can tell who your are by your phone at up to 200 ft from the phone? How many ways can this be used beyond passkeys to track you everywhere? What do you mean you don't know why this is bad? Even my laptop is going to be accessible to BLE? Oh joy. Yubico already does FIDO. Is the storage Zero Knowledge? Sounds like this would be open to same monkey business as today's Certificate Authorities.
When I open one of my app. It says rooted device restrictions. My phone has never been rooted. Please let me know how to resolve this.
Thank you
It sounds like the app is telling you that it was designed to be used by a rooted device and that because your device is *not* rooted, the app doesn't have it's full capabilities. One of my apps tells this each time I start it, because my version of Android doesn't permit the app to have access to the microphone for recording purposes. The resolution is to root the device or remove the app.
All of my app doesn’t not say that. Only this app. And I have been using this app for more than five years. Even four five days ago it was opening.
@@youguysaregreat are all of your apps intended to be used on a rooted device? That seems like a pretty unique situation
In case of the other scenario (app hates root), it could think you rooted your phone because: 1) it is de-googled, hence not a 'standard Android' (some apps like banking ones only 'trust' normie phones), this would be normal; or 2) it is rooted without your knowledge, this would be concerning. I would check device status in settings.
What is the name of the app? It’s possible that it has some poorly implemented check for root detection generating false positive results. Also, don’t listen to the Lynyrd guy above. He doesn’t know what he’s talking about.
just looking at the sponsors you will know that this is not private but my question is..... is it safer than having a password??
Yes.
For one, they most likely are using a 2048 bit length in the asymmetric public key algorithm, so 256 characters. This is also data breach resistant and phishing resistant, unlike passwords.
Since the database will only store the public key, the breacher can never get anything out of the public key. The public key even if it is mathematically linked to the private key, it can't be used to generate the private key.
Phishing resistancy is achieved because the website will send the mathematically linked public key of that private key, which can be used to verify whether the device that the website sent has the correct private key.
Apple or Google can bribe some of the other smaller members with a lot less cash flow.
I've noticed google passkey is only allowed to be the same number as your PHONE PIN? Am I wrong?? If you sign up for google passkey then whoever gets your passkey has access to your whole phone!! Google only lets you use your phone pin as passkey it doesn't let you CREATE one! I've tried!! And then you can't remove passkey once you've started, I've tried!! Privacy would be letting you use a number that is DIFFERENT than your PHONE PIN! But they don't! Anyone who already has your phone pin can then get in your google account, and anyone who has your google passkey can get into your WHOLE PHONE! There is NO point to a passkey other than THIS! It's worse security not better security!
That's not the passkey standard itself.
The safer they say you are the less safe you are. Mark of the Beast in progress.
I'm more concerned that biometrics are not protected by 4th or 5th amendment. Passwords are.