Password management vendor Dashlane has announced the introduction of integrated passkey support in its password manager, unveiling an in-browser passkey solution to help tackle the issue of stolen/misused passwords. The launch comes as the “passwordless authentication” era edges closer with tech giants Apple, Google and Microsoft set to bring it to millions of smartphone and laptop users in accordance with recommendations from the Fast IDentity Online (FIDO) Alliance.
Passkey support includes secure sharing, access control, multi-device sync capabilities
In a blog post, Dashlane wrote that the launch of passkey support in its password manager is the natural evolution of its offerings and is tied to its mission of making security simple for organizations and their people. “Today’s biggest security issue stems from stolen logins – over 80% of breaches occur as a result,” it added. Passwordless authentication takes a powerful step towards addressing this problem, it claimed.
To be made available in the coming weeks, the Dashlane passkey solution will allow users to log in across all types of sites, including those that support new passwordless authentication and sites that require a password. “Users can store their passkeys for multiple sites and benefit from the same convenience and security they already have with their passwords. They’ll enjoy “automagically” logging in to sites, seamless operation across multiple platforms, and our patented zero-knowledge architecture, which means no one except the user can access their logins. (Not even Dashlane can access them.),” it added. They will also benefit from with secure sharing capabilities, access controls for businesses, multi-device sync, and multi-platform interoperability, Dashlane added.
Forrester Vice President, Principal Analyst Andras Cser welcomes Dashlane’s introduction of integrated passkey support. “This gives better protection for the Dashlane password vault, and users can authenticate to the password vault with passwordless authentication. This is a great development,” he tells CSO. “However, backend applications to which Dashlane still manages passwords continue to be vulnerable to phishing and other password related attacks.”
Passwordless authentication edging closer
In March 2022, the FIDO Alliance published a report on its ongoing work towards making FIDO-based secure authentication technology the most dominant form of authentication on the internet, replacing passwords. It cited two areas of recent advancement – the use of smartphones as a roaming authenticator and multi-device FIDO credentials – as key to driving large-scale adoption of FIDO-based authentication in the near future. “This makes FIDO the first authentication technology that can match the ubiquity of passwords, without the inherent risks and phishability,” it said.
Meanwhile leading tech companies look to expand support for a common passwordless sign-in standard by making smartphones and laptops passwordless authentication ready within the coming year. “The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online,” Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), commented in May this year. “I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers.”
Read the full article here