New Brunswick

Beauceron Security’s David Shipley says there are pros and cons to both


Posted: 6 Hours Ago

A New Brunswick cybersecurity expert said he can’t pick whether he’s team passkey or team password because they both have pros and cons. (Sean Kilpatrick/Canadian Press)

It may be a foreign concept to some but for others, it’s a natural technological progression: Passkeys.

Cybersecurity expert David Shipley, of Beauceron Security in Fredericton, said a passkey is a computer-generated password. Your device remembers the passkey and allows you access to websites you visit frequently — without having to remember all of your unique passwords.

But there are pros to the new tech, said Shipley, starting with the fact that a passkey is more secure than using the same password across multiple sites.

“Digital lock-picks will breach a website and they’ll breach another one, and they’ll start to get a sense for the patterns you may use and then they’ll digitally lock-pick,” said Shipley. 

(Submitted by David Shipley)

“But if you’re using a truly random, very long, machine-generated pass key, that, you know, doesn’t have that same pattern repeatability.”

On the other hand, there are cons. Shipley said a passkey is “only as secure as the algorithms used to generate it.” So if there’s a pattern or flaw in the generation of the passkeys and someone were to discover how the company’s algorithm works, that attacker could then unlock all the passkeys.

Another downside, said Shipley, is that passkeys can usually only be used with the most modern devices, so if one piece of someone’s technology is older, the passkey won’t be of any use on that device.

Readers Also Like:  Baltimore schools failed to fully act on security recommendations before cyber attack: State IG report - ABC News

Having a passkey that is tied to a device can also be a bit of headache, said Shipley.

(Apple)

“You’re out canoeing the Restigouche, your smartphone goes into the river … then you’ve got to re-establish all of your credentials — what a pain.”

Shipley said the latest Apple iOS is really pushing passkeys forward, which is great for people that exclusively use Apple devices.

But say someone has an Apple iPhone, a Windows computer and an Android tablet — the ease of use decreases.

Shipley said a lot of sites just also are not ready for the technology of a passkey, such as banking websites, which sometimes still only support passwords of certain lengths. 

“It’s probably going to be a decade-plus journey to see these become commonly offered on the places we need them the most,” he said.

“Yeah, it’s cool that the latest bleeding edge tech magazine can use passkeys — that’s not what I’m worried about getting compromised. I’m worried about my tax account, my government ID accounts, my bank accounts, those types of things. And these will probably be the last ones to adopt this technology.”

(CBC)

For Shipley, he said he can’t pick whether he’s team passkey or password because they both have different upsides, and sometimes, the need is a generational difference.

For example, seniors might already have a system where they keep all of their different passwords written in a password book, so changing to a complex technology, that could cause mass frustration if it goes wrong, doesn’t make sense. 

But for a Gen Z or millennial with multiple mobile devices, it might be just what’s needed.

Readers Also Like:  EBay launches sports trading card submission service - SportsPro - SportsPro Media

“It’s probably my biggest frustration with the tech industry is they come out and they drop the solutions like this is perfect for everybody, right? No, it’s not,” said Shipley.

“The problem comes down to a fundamental belief whether technology is better than humans. So the belief right now is you can’t trust the human, we can trust the machine, except if the machine makes a mistake.

“In 2024 when we’re all obsessed about [artificial intelligence], I continue to be impressed with the amazing potential of human beings, and I’ll bet on the human over the machine still every day.”

ABOUT THE AUTHOR

Hannah Rudderham

Journalist

Hannah Rudderham is a reporter with CBC New Brunswick. She grew up in Cape Breton, N.S., and moved to Fredericton in 2018. You can send story tips to hannah.rudderham@cbc.ca.


With files from Shift