Passkeys | Breaking Cybersecurity News | The Hacker News

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API , the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. "With Restore Credentials, apps can seamlessly onboard users to their accounts on a new device after they restore their apps and data from their previous device," Google's Neelansh Sahai said . The tech giant said the process occurs automatically in the background when a user restores apps and data from a previous device, enabling apps to sign users back into the respective accounts without requiring any additional interaction. This is accomplished by means of what's called a restore key, which, in reality, is a public key that's compatible with FIDO2 standards such as passkeys. Thus when a user signs in to an app that...

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said . The PIN is a six-digit code by default, although it's also possible to create a longer alpha-numeric PIN by selecting "PIN options." This marks a change from the previous status quo where users could only save passkeys to save passkeys to Google Password Manager on Android. While the passkeys could be used on other platforms, it was necessary to scan a QR code using the device where they were generated. The latest change removes that step, making it a lot easier for users to sign in to online services using passkeys by simply scanning their biometrics. Google noted that support for iOS is expected to arrive soon...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program ( APP ). "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said . Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on the FIDO Authentication standard, the technology is designed to secure online accounts against potential takeover attacks by ditching passwords in favor of biometrics or a PIN. Passkeys can simultaneously act as a first- and second-factor, entirely obviating the need for a password. Earlier this May, the tech giant revealed that passkeys are being used by over 400 million Google accounts. High-risk users , who are at an elevated exposure to cyber-attacks because of who they are and what they do (e.g., journalists, elected officials, political campaign staff, human rights ...

Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times  over the past two years . "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google,  said . The search giant notes that passkeys are already used for authentication on Google Accounts more often than legacy forms of two-factor authentication, such as SMS one-time passwords (OTPs) and app based OTPs combined. In addition, the company said it's expanding  Cross-Account Protection , which alerts of suspicious events with third-party apps and services connected to a user's Google Account, to include more apps and services. Google is also expected to support the use of passkeys for high-risk users as part of its Advanced Protection Progr...