Using a password manager allows you to store and remember the various passwords for your account. Using Google as an example, the Google password manager will suggest a strong password when signing up to a website. If you use this recommended password, it gets saved to Google's servers and is accessible from the password manager tab.
This technique is far better than using the same password for everything as it lowers the risk of giving over access to all your accounts when one may be hacked. However, this is still not the safest way to protect your login information, as passwords stolen from a hack are still very common.
The risk of phishing
Phishing is one of the most common methods of hacking a password. This is where a hacker will create a fake login page that looks identical to the real one, and when you attempt to sign in, they will have access to your username and password.
Enhancing security with 2-factor authentication
Another technique for increasing security with the standard email and password sign-in is using two-factor authentication. This system works by double-checking with a deemed safe device you are attempting to sign into the relevant account. This is more common than passkeys as it has been around before fingerprint or facial recognition was available. It is a robust, more secure system than just a single password being entered.
However, the downside is that it makes signing into accounts you may access frequently more challenging and time-consuming. It also costs companies to implement two-factor authentication to develop and integrate it within their website. So, not all companies are on board.
The rise of Passkeys
Passkeys work similarly to a physical key stored on your device. When using this method, only the unique passkey provided by your device will allow you to log in to whichever account you are attempting to access.
These passkeys will use your biometrics, e.g. face recognition or fingerprint. To achieve this, a website will create something called a public key. This public key is stored on the website servers and helps generate a private key on your device. The private key will never leave your device and will instead work together with the public key to create a one-time authorisation to allow you to enter the website. This works similarly to a credit card chip, which generates a random card number for that purchase. This means that even if a hacker could access the one-time code generated by the public key, there would be nothing they can do with it. Whilst many developers are slow to adopt the passkey system, it looks like the future could very well be passwordless.
QR codes for Passkey integration
Another system that is being used for passkey integration is QR codes. In this system, you scan a QR code on an untrusted device, e.g. your laptop or desktop PC. Once the code is presented, scan it on your trusted device and activate the passkey. This allows you to sign in using the passkey on another device. This works well as it will enable you to use other everyday devices whilst remaining safe online.
To prevent people from sharing the QR codes and having outsiders sign into your accounts, you must use the trusted device within a small distance of the primary device. For example, if you wanted to use a passkey for your laptop, you could scan the QR code with your phone; that way, the passkey would function. If you were sent a picture of someone else's QR code and attempted to sign in, it wouldn't work. This is because the distance required is Bluetooth to sign in on another device. Limiting the range and increasing safety.
Passwords: pros and cons
Pros;
Easy to remember
It can be used on any device
Saved across all devices
The most common method used by websites
Managers suggest stronger passwords and hold onto those passwords.
It can be used to grant access to freelancers without sharing sensitive information.
Cons;
Easily hacked
It is usually a reused password from a different account
Can be guessed
Can be Phished
Are at risk if using an unfamiliar system.
Passkey: pros and cons
Pros;
It doesn't rely on human memory
Created using strong encryption Algorithms
It is much safer as you must have the device to use the passkey
Uses biometrics of the device
It cannot be Guessed
It cannot be Phished
It can be synced across devices from the same company.
Cons;
It doesn't have a lot of support from websites
It requires a lot of work on the website end to update
If you lose your device, you will lose access to security keys if they are not shared amongst a system.
It cannot be shared.
The impact of Passkeys on virtual freelancing
While passkeys are great for personal security, they significantly impact companies wishing to switch over. Integrating Passkeys instead of passwords for a company has many benefits, including increased internal security and a lower chance of data breaches.
However, implementing a passkey system takes a lot of time and effort. Outside of a corporate setting, using passkeys could harm freelancers and other outsiders who require access to accounts. In this regard, Passkeys are almost impossible to be used in a freelancer market.
Instead, what someone should do if they wish to use freelancers and increase security is to use a password manager.
What's the best option for freelancers?
Freelancers should educate clients about the security benefits of password managers over traditional passwords or passkeys, especially for projects requiring account access. This approach maintains security without compromising data through credential sharing.
In conclusion, the evolution of online security from passwords to passkeys presents opportunities and challenges. As technology advances, finding a balance between security and usability remains a priority, particularly for freelancers and companies navigating the complexities of virtual collaboration.
Technology is always changing. That’s where a virtual assistant (VA) can offer invaluable support.
VAs like Erin at Bizzybee can help you manage your email platforms, social media profiles, HR systems, and so much more. If you need a hand with setting up digital processes or keeping them ticking over, feel free to get in touch with Erin for a chat.