Ken's Korner Newsletter, October, November and December 2023
Passwords and Passkeys

Closing out the year.
This edition of Ken’s Korner’s Newsletter covers October, November and December 2023.

Passkeys, How they Work and Should You Use Them?
The use of passkeys instead of passwords is gaining momentum. Why is that? What are passkeys and how are they different from passwords?

Forgot Password.

Passwords have been around for many years. We have accepted them as a necessary part of the digital age. But their dominance may be waning. Hardware security keys are a more secure form of authentication. In the coming months and years more and more places will be switching over to passkeys.

Recently Google has joined with Apple and the FIDO Alliance. The FIDO Alliance (Fast Identity Online) is an organization that has been developing passkeys for several years now. They are the “big fish” in the passkey pond. The current standard is FIDO2. Recently Google has made passkeys the default method to log in.

What makes passkeys better than passwords?
Passwords rely on a word, phrase or string of characters. They are stored on a server somewhere with many other passwords. They are usually combined with a username to authenticate users. As such, they are a valuable target for hackers. They are also vulnerable to phishing schemes and other security risks.

Passkeys simplify account registration for apps and websites. They are easy to use. They work across most of a user’s devices and even work on other devices within close physical proximity. When a user goes to sign into an app or website, they use the same biometric or PIN that they use to unlock the device (phone, computer or security key).

Passkeys are stored on your device. They rely on public-key cryptography. Your device gets a single-use login credential each time you sign into an account. It is called “Web Authentication” or “WebAuthn”. It is the same process that secure message apps use to encrypt conversations and online payment processors use to keep credit card information secure.

When you create an account using WebAuthn, your device will create a unique pair of mathematically related keys. Passkeys are always strong and resistant to phishing. The public key is stored on the service’s server and the private key is stored on your device. If a hacker manages to get their hands on the public key, it doesn’t affect your security. It is already considered public information and it won’t do them any good without the private key on your device.

The private key remains on your device. It remains secret and without it the hacker cannot get authentication. This “scattered” approach makes a matching handshake process mandatory. So, a fraudulent website or application pretending to be you can’t trick the security of the passkey-protected system.
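The key pair and handshake described above, as an added example that is not part of the original newsletter: a simplified Node.js model (not the real WebAuthn message format) in which the server checks the signature, the challenge and the origin. The function names and the two origins are constructed for illustration.

```javascript
// Simplified model of a passkey login; real WebAuthn messages carry more fields.
const crypto = require('node:crypto');

// Registration: the device makes the key pair; only the public key goes to the server.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { devicePrivateKey: privateKey, serverPublicKey: publicKey };
}

// Server: a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString('hex');
}

// Device: sign the challenge together with the origin the browser is really on.
function signLogin(devicePrivateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), devicePrivateKey);
  return { clientData, signature };
}

// Server: verify the signature first, then the challenge, then the origin.
function verifyLogin(serverPublicKey, expectedChallenge, expectedOrigin, response) {
  const data = Buffer.from(response.clientData);
  if (!crypto.verify('sha256', data, serverPublicKey, response.signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(response.clientData);
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== expectedOrigin) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const SITE = 'https://shop.example';           // constructed genuine origin
  const LOOKALIKE = 'https://shop-example.test'; // constructed look-alike origin
  const { devicePrivateKey, serverPublicKey } = registerPasskey();
  const c1 = newChallenge();
  const good = signLogin(devicePrivateKey, c1, SITE);
  const onLookalike = signLogin(devicePrivateKey, c1, LOOKALIKE);
  // Someone holding only the public key has to sign with a different private key.
  const forged = signLogin(registerPasskey().devicePrivateKey, c1, SITE);
  return {
    genuine: verifyLogin(serverPublicKey, c1, SITE, good),
    lookalikeSite: verifyLogin(serverPublicKey, c1, SITE, onLookalike),
    withoutPrivateKey: verifyLogin(serverPublicKey, c1, SITE, forged),
    replayed: verifyLogin(serverPublicKey, newChallenge(), SITE, good),
  };
}

console.log(demo());
```

Only the first login succeeds: a response signed for the look-alike origin, one signed without the device's private key, and an old response replayed against a new challenge are each rejected.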

Another obvious benefit is that you don’t have to remember some cryptic alphanumeric collection of characters as your password. Instead, you are relying on a much more reliable and secure method of authentication.

The number one downside to passkeys is limited adoption. They are not yet widely used. Another is device dependency. Passkeys need devices that can store and process cryptographic information. There can also be some issues when the user has multiple identities on a single device.

Another problem could arise through the use of biometrics used to generate the passkey. Dirty fingers or bandages pose obvious issues. Switching from glasses to contact lenses or even just different glasses can foul things up. What would happen if a man decided to grow a beard or shave a beard or shave his head? Do women ever change their appearance? (You don’t have to answer that last question.)

Changes in appearance can be a problem when using machine identity applications. Since changing our appearance is not only socially acceptable but often encouraged, there needs to be an alternative way, backup plan or easy and secure way to change the passkey on the user’s end.

The bottom line is that passkeys are simple to use and more secure than passwords. For those reasons alone people will be switching to passkeys and moving away from passwords. The “legacy” authentication solutions do not address the security problems and are often not suitable for large scale consumer utilization.

Data storage.

How long can data be stored on your digital media?
If we can assume that there is no physical damage to the media, how long will your data remain intact? That depends greatly on the type of media in question and to a lesser extent how it was stored.

While I am old enough to have seen an 8-inch floppy, those were not in widespread use. I also remember punch cards from way back in antiquity. I cannot claim to have ever successfully run a program on punch cards. We’ll start with the 3.5-inch and 5.25-inch floppy discs.

Floppy Discs
A lot depends on how the floppy drive is used and the quality of the disc itself. If it is in continuous operation, it might last a few months. If you write data to the disc and then just store it, the data may remain usable for five to ten years.

Floppy discs are fragile items. It is possible to destroy a floppy in just a few seconds by mishandling it. They are sensitive to heat, humidity and magnetic fields. The magnetic coating can flake off the plastic disc taking the data with it. If they are high quality discs stored in a cool dry place and not jostled around the data might remain readable for five to ten years. Maybe longer but I wouldn’t count on it.

Magnetic Tape
In the past many of the backup systems used a tape drive to store data. Magnetic tape is subject to the same problems and frailty as floppy discs. When used daily the tape would last a few months. Large scale operations would often make a backup and then make another backup of the same data in case the first one was no good. People would be designated as backup operators. They just made backups of critical data all day long.

Conventional Hard Drives
By that I mean hard drives with spinning platters and read/write heads. They can hold data for an extended period of time. If the drive is in continuous operation, like the hard drive in a mail server or web server, the drive might last three to five years, even for the hard drives that are specifically made for heavy server use.

But most PCs do not keep the drive running constantly. In fact, the hard drive usually stops spinning after being idle for about twenty minutes. I have some old IDE hard drives (from back when 40 megabit was considered a large drive) that still retain the data.

Generally, if the hard drive is not physically damaged it can hold data for up to twenty years. That assumes that the data was written to the drive and then the drive was stored in a cool dry place. Still, this is not what most people would consider a long time.

Flash Drives
Devices that are built using NAND technology, like flash drives or Solid-State Drives (which are basically a bunch of flash drives combined), are non-volatile storage devices. They do not require power to retain data. They have no moving parts, which provides several advantages over traditional hard drives using magnetic storage.

While they do not have any moving parts, they do have a limited number of write cycles. OK, that number is a really big number, but eventually they will “rot” into a read-only state. At this point you can still read the data, but it doesn’t end there.

With NAND storage the electrons are essentially trapped in the NAND gate as a means of storing data: ones or zeros, depending on whether there are electrons in the gate or not. But the electrons can leak out over time. How long that takes depends on temperature and the quality of the device. Higher temperatures make the electrons more energetic. The more energetic the electrons are, the more easily they can escape the gate, taking the data with them. A quality flash drive stored under ideal conditions will retain data for up to ten years.

Optical Drives
CDs, DVDs and even Blu-ray discs can store and keep data for extended periods of time. They are a write-once, read-many device (even the rewritable discs have a very limited write capacity). However, once the data is written to the optical drive it can remain readable for a very long time. Possibly for thousands of years if properly cared for.

Optical drives are much less susceptible to damage than magnetic media. Direct sunlight can damage the plastic, and physically cutting, drilling or breaking the disc will render it useless. Short of that they are close to indestructible. Some optical discs such as Archival Gold are specifically designed and manufactured for a long service life. They are by far the champions of long-term data storage.

Of course, this depends on having a device around that can read that media. An optical drive is not included with many of the new systems. How many floppy disk drives or tape drives have you seen lately?

With printed media data security is accomplished by printing thousands, even tens of thousands of copies and distributing them to multiple locations. When it comes to securing digital data perhaps taking a page from the world of print media (I know, that was a bad pun.) would be a good idea.

Fun with the Computer

Fun things
Now for something a little less profound than secure authentication or long-term data storage. Here are some fun things you can do with your computer for free. For times when you are bored and waiting for the clock to move or stuck on eternal hold or just for a change of your routine. Caution, you may lose track of time on some of these websites.

Check out Pluto TV (https://pluto.tv/). They have movies, comedy, science fiction, food channels, news and old-time television shows. There is even an option for on demand. There is no charge, but you will have to endure ads. It could raise your appreciation for some of the paid services we enjoy ad free. If you have Amazon Prime you can access a great many songs and movies. If you have Amazon Ultimate the list is even longer.

Check out the Internet Archive (https://archive.org/). They also have vast selections of free books, music, movies, software, websites and other sections to explore. Their “WayBack Machine” offers a history of websites.

Or you could try Open Library (https://openlibrary.org/) which is a part of the Internet Archive. It is free although they do ask for donations. You must register and sign in to check out a book to read off-line. They have a fantastic selection of reading material.

Watch videos on YouTube (https://www.youtube.com/). They have literally millions of videos featuring all sorts of topics. I’ll let you choose for yourself what you want to watch.

Play games online. There are of course the games that came with your computer, but those can become boring in short order. I am not a big gamer by any means, but there is a plethora of games that you can play for free online. Many of them do not require you to download anything at websites like Games 4 Free (https://www.games-4-free.com/) or Top 5 Browser Games (https://www.top5onlinegames.com/). The serious gamers with specially built computers may turn up their noses at some of these simpler attractions, but these aren’t meant for them anyway. With an average computer you can still have fun and not spend a fortune on special hardware and software.

Take a virtual tour. They are not just for selling real estate. You can take a virtual tour of many historic sites such as the great pyramids in Egypt, SeaWorld, NASA and more. Many famous museums like the Smithsonian offer virtual tours. You can take a virtual tour of some of the National Parks at (https://www.nationalparks.org/connect/blog/take-virtual-visit-national-park). You can make your own virtual tour, but to make a good one takes some rather expensive equipment and a degree of skill. Virtual tours made with a smart phone have a painfully amateur sense about them.

Watch a Podcast. Or just listen to a podcast. There are podcasts covering just about any subject you can think of. Some podcasts require a fee but there are a great many free podcasts. A quick search on one of the search engines will bring up a large number of choices. You can also get an app to search for podcasts on your choice of subjects. If you are really into podcasts, you can create your own but like with virtual tours a good job of making a podcast takes a lot more work than just a few clicks.

Watch the sky. Stellarium (https://stellarium.org/) is a free open-source planetarium for your computer. Day or night, you get a realistic view of the sky in 3D with as many as 177 million stars. If astronomy is one of your interests, check out this website.

Listen to music. Pandora, AccuRadio, Jango and other services offer a wide choice of music, some of which is available on demand. Many radio stations stream their broadcasts online. One of my favorites is KUVO (https://www.kuvo.org/), a Rocky Mountain PBS station featuring jazz, blues and Latin jazz.

Learn a new skill. If you are like most of us, you probably have more than enough people nagging you to increase your skill set and earning potential. But hey, there is nothing wrong with a little self-improvement. Download GIMP (perhaps an unfortunate name choice) from (https://www.gimp.org/) and learn how to create graphics.

Or you might try Python (https://www.python.org/) and get into some computer coding. Python was created by Guido van Rossum and first released on February 20th, 1991. While you may know the python as a large snake, the name of the programming language comes from an old BBC comedy show called Monty Python’s Flying Circus. Python is an interpreted language and it is relatively easy to learn.

For either GIMP or Python there are a great many websites that provide training and examples for all levels of proficiency from beginner to expert. Both GIMP and Python are free downloads. While this may start out as a free thing to do, by the time you become really good at it you will have paid a lot to get there.

Becoming a master of either GIMP or Python will take a lot of work. But long before you reach that status you will find them to be very useful tools. Learning a new program can be challenging, rewarding and help to keep you mentally sharp. Who knows, it may even increase your bottom line.

If you know someone that you think would enjoy this newsletter, share it with them and ask them to join using the link at the bottom of the page.

 

And remember — always back it up!

To get the Ken's Korner Newsletter delivered to your Inbox CLICK HERE