Tuesday, December 24, 2024

PayPal ditches passwords, at least on Apple devices

No more reusing, recycling passwords! PayPal has added passkeys for passwordless login to accounts across Apple devices.

The PayPal passkey login option will initially be available to iPhones, iPads and Macs running iOS 16, iPadOS 16.1 or macOS Ventura. It will expand to additional platforms as other vendors add passkey support. Apple, Microsoft and Google have all pledged to implement the new passwordless authentication standards by early 2023.

Passkeys allows users to login to accounts with cryptographic key pairs instead of passwords. In essence, using the device in combination with user biometric data to prove account ownership, as opposed to a username and password.

The new login method, created by the FIDO Alliance and World Wide Web Consortium, aims to eliminate passwords altogether, replacing them with a more secure authentication method. PayPal is a founding member of the organization.

According to Microsoft, 579 attacks involving passwords occur every second, or about 18 billion a year. Many of them are successful, mainly because people have a tendency to pick poor passwords or reuse them across multiple accounts.

To drive this point home, consider 82 percent of security breaches last year were attributed to stolen credentials, phishing, and human error, according to Verizon’s most recent Data Breach Investigations Report. This, according to the report [PDF], illustrates the “importance of proper password protection” — or, perhaps, the need to eliminate passwords altogether.

PayPal SVP Doug Bland said the move “eliminates the risks of weak and reused credentials and removes the frustration of remembering a password.

The passwordless future is one other retailers will be eyeing, if not working to implement swiftly, but it’s not about you or your online safety. According to a survey of 16,000 global consumers by biometric authentication firm iProov, 15 percent of global consumers abandon online purchases at least once a week because they forgot their password, and 32 percent ditch the shopping cart at least once a month for this same reason.

Recommended:  FBI in Threat Warning After Surge in Spoofed Domains

PayPal began rolling out passkeys to US customers this week, and will expand to other countries early next year. 

Existing customers can log in to PayPay on an Apple device using their existing credentials, and then select the option to “create a passkey.” They will then be prompted to authenticate with Apple Face ID or Touch ID, and the device automatically creates the passkey. Once created, passkeys are synced with iCloud Keychain.

Additionally, customers using devices that don’t support passkeys yet can still use an iPhone to log in with a PayPal passkey by scanning the QR code that appears after they enter their PayPal user ID. 

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest Cybersecurity News

Cybersecurity Academy

Homepage

source

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Just your average information security researcher from Delaware US.
Latest posts by RiSec.Mitch (see all)
Recommended:  Report: 93% of orgs are challenged by malware analysis
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security