New website names and shames companies that still don’t offer passkeys to users
New website names and shames companies that still don’t offer passkeys to users
新网站点名批评仍未向用户提供通行密钥(Passkeys)的公司
When it comes to securing accounts against hackers, passkeys are now widely considered the gold standard. And yet they are still not offered by one in four major apps and services on the internet, including Instagram, Netflix, and Spotify. 在保护账户免受黑客攻击方面,通行密钥(Passkeys)目前被广泛认为是黄金标准。然而,互联网上四分之一的主流应用程序和服务仍未提供此功能,其中包括 Instagram、Netflix 和 Spotify。
Those stats come from a new website that names and shames companies that still don’t give users the option to use passkeys to log in to their apps and services. 这些数据来自一个新网站,该网站专门点名并批评那些仍未让用户选择使用通行密钥登录其应用程序和服务的公司。
Passkeys are more secure than passwords because they are generated by a user’s device and tied to that phone or computer and the website they are created for. They can rely on biometrics such as Face ID, Touch ID, or a physical security key; and can be stored automatically in someone’s password manager. 通行密钥比密码更安全,因为它们是由用户的设备生成的,并与该手机或电脑以及创建它们的网站绑定。它们可以依赖生物识别技术(如 Face ID、Touch ID)或物理安全密钥,并且可以自动存储在用户的密码管理器中。
Passkeys’ crucial advantage is that the user doesn’t have to remember anything — unlike a password — and they are much harder to steal or phish by a hacker unless they get physical control of the target’s devices. 通行密钥的关键优势在于用户无需记忆任何内容(与密码不同),而且除非黑客能够物理控制目标设备,否则他们很难窃取或通过钓鱼方式获取通行密钥。
Scott Helme, the longtime security researcher who created the website whynopasskeys.com, wrote in a blog post that the motivation behind the site is to push companies to enable passkeys and give users the chance to adopt them. “A list is a surprisingly effective motivator. Nobody wants to be on the list,” wrote Helme. 长期从事安全研究并创建了 whynopasskeys.com 网站的 Scott Helme 在一篇博文中写道,创建该网站的初衷是推动公司启用通行密钥,并让用户有机会使用它们。“一份名单是一个出奇有效的激励因素。没人想出现在这份名单上,”Helme 写道。
Major companies such as Apple, Google, and Microsoft are on the good side of the list and do offer passkeys to users. It’s important to note that users can turn on passkeys on Instagram, but only if their account is tied to a Facebook account with a passkey enabled. 苹果、谷歌和微软等大公司都在名单的“正面”一侧,并已向用户提供通行密钥。值得注意的是,用户可以在 Instagram 上开启通行密钥,但前提是他们的账户必须与已启用通行密钥的 Facebook 账户绑定。
Meta did not immediately respond to TechCrunch’s request for comment as to why some of its products, like Facebook and WhatsApp, offer passkeys, but Instagram does not. TechCrunch also reached out to Netflix and Spotify. This article will be updated if any of these companies provide a comment. 对于为何其部分产品(如 Facebook 和 WhatsApp)提供通行密钥,而 Instagram 却不提供,Meta 未能立即回应 TechCrunch 的置评请求。TechCrunch 也联系了 Netflix 和 Spotify。如果这些公司提供评论,本文将进行更新。