Problems with Passkeys

by Carey Parker | Posted on

Podcast: Play in new window | Download (Duration: 1:01:59 — 70.9MB) | Embed

Subscribe: Google Podcasts | Spotify | Stitcher | TuneIn | RSS | More

Everyone hates dealing with passwords. This has led to a mad search for ‘password-killer’ technology. After several failed attempts, there’s finally a worthy contender: passkeys. The technology has been around for years – it’s the basis for hardware keys like YubiKey. But no one wanted to have to carry the little things all the time. With passkeys, you get the same phishing-proof, passwordless goodness but tied to a device you always have: your smartphone. Websites are slowly rolling out the ability to secure your accounts with passkeys, and Apple, Google and Microsoft are building support for passkeys into their operating systems. But I would caution you to wait a bit before jumping on the bandwagon – I’ll explain why in today’s show.

In other news: update all your Apple devices; FBI and NSA break the notorious Snake malware; Intel deploys microcode security update; location data on 2M Toyoya customers exposed for years; new .zip and .mov domains are dangerously ambiguous; new crafty Chinese router malware; online age verification will cause serious problems; Apple will allow you to ‘bank’ your voice soon.

Article Links

  1. [Tom’s Guide] Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now https://www.tomsguide.com/news/apple-issues-urgent-fix-to-block-zero-day-attacks-update-your-iphone-and-mac-now
  2. [tech.co] FBI & NSA Cut the Head Off Notorious Russian Snake Malware https://tech.co/news/nsa-fbi-russian-snake-malware
  3. [Tom’s Hardware] Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake https://www.tomshardware.com/news/intel-microcode-security-update
  4. [BleepingComputer] Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/
  5. [Digital Trends] Hackers are using a devious new trick to infect your devices https://www.digitaltrends.com/computing/hackers-are-abusing-zip-mov-domain-names/
  6. [9to5mac.com] Researchers find security flaw in Wemo Smart Plug, Belkin says it won’t release a patch https://9to5mac.com/2023/05/16/wemo-smart-plug-security-flaw-no-patch-coming/
  7. [Ars Technica] Malware turns home routers into proxies for Chinese state-sponsored hackers https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/
  8. [Electronic Frontier Foundation] Age Verification Mandates Would Undermine Anonymity Online https://www.eff.org/deeplinks/2023/03/age-verification-mandates-would-undermine-anonymity-online
  9. [9to5mac.com] Everyone should use Personal Voice; it does in 15 minutes what currently takes several weeks https://9to5mac.com/2023/05/19/everyone-should-use-personal-voice/
  10. Tip of the Week: The Pros & Cons of Passkeys https://firewallsdontstopdragons.com/the-pros-and-cons-of-passkeys/

Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.

  • 0:01:10: Update on new location tracker spec
  • 0:02:52: News preview
  • 0:05:30: FBI & NSA Cut the Head Off Notorious Russian Snake Malware
  • 0:07:27: Intel Deploys Undisclosed Microcode Security Update
  • 0:11:12: Toyota location data of 2M customers exposed for years
  • 0:15:34: Phishers looking to capitalize on ambiguous new TLDs
  • 0:19:32: Security flaws in Wemo Smart Plug won’t be fixed
  • 0:25:08: Malware turns home routers into proxies for Chinese hackers
  • 0:30:53: Age Verification Mandates Would Undermine Anonymity Online
  • 0:39:23: Apple to offer new “voice-banking” technology
  • 0:43:42: Dear Carey/Tip of the Week
  • 0:59:19: Upcoming shows, coin promotion

Related Posts