Amazon Quietly Wades Into the Passkey WatersAmazon Quietly Wades Into the Passkey Waters
The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.
October 17, 2023
Amazon has silently rolled out passkeys for shoppers and streamers, following other tech giants like Google and Microsoft into the next-gen cloud authentication fray.
The concept of passkeys is familiar to most users, thanks to FaceID and TouchID for Apple devices, digital fingerprint scanners on laptops, screen-lock PINs, and other forms of passwordless unlocking mechanisms for hardware devices. In recent months, that same concept has made its way to cloud services, websites, and apps, with everyone from Uber to OnlyFans allowing users to sign into their cloud-based accounts using the same device-based technology. Enterprises are also eyeing passkeys for internal use.
Corbado co-founder Vincent Delitz first noticed and publicized the addition for Amazon users, noting that, "given Amazon's vast user base, this rollout is set to familiarize a large segment of non-tech-savvy users with the benefits of passkeys. The ease of use might convince these users to demand passkeys from other online platforms as well."
However, he did flag a few glitches with Amazon's passkey implementation, including the odd choice not to include passkey support for Amazon native mobile apps (that goes for the e-commerce app as well as Prime Video); the need to configure separate passkeys for each country or top-level domain; not including passkey autofill; device management challenges; and other quibbles. Amazon did not immediately return a request for comment from Dark Reading on the matter.
Still, the rollout — along with Google's announcement last week that it will make passkeys its default sign-in mechanism — greatly amplifies the drumbeat, for once and for all, to move beyond passwords and even basic forms of two-factor authentication, such as SMS-based, one-time codes. Eduardo Azanza, CEO at Veridas, sees nothing but security upside in the development.
"Biometrics are tied to a user's physical characteristics and therefore cannot be compromised as easily by cybercriminals. And, security teams are able to quickly detect instances of fraud, identity theft and spoofing," he said in emailed comments. "The roll-out of passkeys by Amazon is a strong message that the big tech firms know that it is time to end the password."
He added, "[We are] shifting the paradigm away from the presumption of 'what we know' or 'what we have,' which is how passwords have worked so far, to 'who we are': people with unique qualities that cannot be duplicated."
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks