Passkeys now also available at Sophos Central
Passwords are a thing of the past. Passkeys make logging in easier, faster and more secure. In this article, you will find out how passkeys work and what advantages they offer, especially for Sophos Central.
What are passkeys and how do they work?
Passkeys are a modern, passwordless login method based on the FIDO2 standard. The main difference from conventional passwords is that there is no longer a shared secret that can be stolen or spied on. Instead, a passkey is a cryptographic key pair: a public and a private key. The private key remains securely on the user’s device, while the public key is stored on the service provider’s server. Authentication uses the private key, and access to it is protected by biometrics (such as fingerprint or facial recognition) or a PIN. This makes logging in both easier and much more secure for users, as there is no password that can fall into the wrong hands.
The big advantage of passkeys is that they offer a much more convenient experience for the user. No more long and complicated passwords, no more SMS codes that could be intercepted, just the use of a biometric feature or a simple PIN code. This allows users to authenticate themselves quickly and easily without having to remember passwords. Compared to conventional multi-factor authentication in particular, this is a clear step forward. What’s more, modern cloud technologies make it easy to synchronize passkeys across different devices. This means that a user who has created a passkey on their smartphone, for example, can also use it on their laptop or tablet without having to carry out any additional set-up steps. This is a considerable relief, especially in a networked world in which people are using more and more devices.
Another important aspect is resistance to phishing attacks. Because a passkey login transmits no secret to the service provider, only a signature, passkeys are almost impervious to phishing attempts. Users cannot be tricked into entering their login details on fake websites, because no reusable information such as a password is ever sent. This significantly increases security compared to traditional passwords.
Passkeys now also available at Sophos Central
Since November 7, 2024, Sophos Central also supports login using passkeys. This means that you no longer have to enter the password and then the MFA code, but can simply use the passkey. This eliminates an additional step when logging in, which saves a significant amount of time. This is a significant improvement, especially when logging in to the Sophos Central website, which is slow anyway.
Login will not only be faster, but also more convenient, as users will only need to use their biometric feature or a simple PIN to gain access. This not only saves a few seconds, but also improves the overall user experience, especially for frequent users of the platform who need to log in regularly.
The integration of passkeys in Sophos Central also has advantages for administrators. Passkeys are easier to implement and manage, as complex password policies no longer need to be enforced. In addition, problems with forgotten passwords and the constant resetting of accounts are eliminated, which significantly improves both security and efficiency in IT support. Passkeys are closely bound to the user's device, which means that only authorized persons have access to the corresponding accounts.
What does this mean for users?
The introduction of passkey support significantly simplifies the login process. Instead of typing in a password and then having the MFA code ready as before, you only need a device that has a stored passkey. This not only saves time, but also increases security, as the risk of phishing attacks and other password theft methods is eliminated. Because passkeys are used on your own devices, the private key never leaves the security of the device and therefore cannot be spied on. In addition, the use of biometric security features adds a personal layer of security that cannot be compromised as easily as passwords can.
For users, the switch to passkeys not only means a simplification of the login process, but also a general reduction in security risks. Anyone with a compatible device can benefit from the advantages of passkey technology immediately and no longer has to deal with the complexity of passwords and their management. This is a great advantage for companies in particular, as it not only increases user-friendliness, but also the security of the entire infrastructure.
No more SMS or e-mail + PIN
Sophos also plans to phase out old and insecure methods such as SMS or email + PIN as MFA options. This switch to more modern and secure login methods is part of the efforts to make Sophos Central even more secure and to comply with the CISA Secure by Design initiatives. Moving away from SMS and email-based authentication methods is a necessary step to improve security standards. SMS codes are particularly vulnerable to man-in-the-middle attacks and SIM swapping, making them no longer a reliable security measure. With the introduction of passkeys, these vulnerabilities can be avoided as external communication channels are no longer required.
- With immediate effect, new users can no longer set up SMS or email+PIN as a second authentication method. For new accounts, only the use of a TOTP app (e.g. Google Authenticator, Microsoft Authenticator, Authy, 1Password, OTP Auth) is possible as a second factor. Existing users are not affected by this change.
- From February 2025, existing users who still use SMS or email+PIN for authentication will be actively encouraged to switch to more secure alternatives such as passkey authentication or a TOTP app.