Passkeys - The iPhone moment for Security
Spend a little time, and then save a lot of time and mental energy after that.
Welcome to our 145th edition!
🔥 Top Stories
You can log in to your Twitter (Shh! X) account using passkeys now.
Victory for developers - Apple’s plan to allow browser competition.
Even your shitty HTML can rank better now 😐️ Semantic HTML doesn’t mean good quality 🤨
Me: Follows HTML structures, and patterns, and maintains quality.
Google: Lol, why dude?
Me: For better SEO rankings 😕
Google: 🤣 🤣 🤣 🤣 🤣
🌟 Spotlight
What are passkeys? How are they superior to passwords?
If you’re someone like me who memorizes passwords, tries to recall them every time, and still ends up clicking “Forgot Password”, then you’re in for a treat!
Think of a passkey as a credential that is stored on your computers, phones, and other devices. Since it is stored inside your devices, it is safer to assume that the person accessing the device is you. Oh, wait a minute there. Why can’t someone snatch my phone and steal the credential? You’re not crazy to ask that. Currently, most phones and laptops come with built-in biometric authentication (face scanners, fingerprints, …). These are regarded as the highest and safest form of authentication currently in practice. As your devices are guarded by them, the chances of the credential being stolen are very low. People cannot just run away with your device to hack it later, as you would need to be present to unlock it 😆
Let’s get technical.
A passkey is a FIDO credential stored on your device. FIDO, short for Fast IDentity Online, is a set of authentication protocols with the sole intention of eliminating the use of passwords.
Passkeys use public key cryptography.
Ok, how does that work? 😏
Public key cryptography has been around since the 1970s — the web is built on it. In the 1990s, Netscape developed encryption based on public keys called Secure Sockets Layer — or SSL — as a means of authenticating websites and ensuring user privacy. Secure websites all use it, and it’s how you can identify whether a website is authentic and is what it claims to be.
Ok, how is that relevant here?
Passkeys are similar to SSL, more recently called TLS. But instead of systems authenticating each other, a person has the corresponding private key on their device. The cryptography portion of this is that the website can confirm that the user’s device — which biometrics confirm is in their possession — has the passkey. Because of the cryptography, the server never actually learns the private key behind the user’s passkey. That’s the magic of public key cryptography. It can validate you without knowing anything about you. It just confirms you are who you say you are.
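The challenge-response idea described above, as an added example that is not part of the original newsletter and is not the WebAuthn API itself. It is a simplified model using Node's built-in crypto module (real passkeys sign structured authenticator and client data that include the challenge and origin); `Device`, `register`, `beginLogin`, `finishLogin` and the `example.test` origin are hypothetical names.

```typescript
import { generateKeyPairSync, randomBytes, sign, verify, KeyObject } from "node:crypto";

// Server state: only public keys and outstanding challenges are ever stored.
const publicKeys = new Map<string, KeyObject>();
const pending = new Map<string, Buffer>();
const ORIGIN = "https://example.test"; // constructed origin for this sketch

// Device side: the private key stays inside this object.
class Device {
  private keys = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  publicKey(): KeyObject {
    return this.keys.publicKey;
  }
  // A real authenticator asks for a biometric or PIN check before signing.
  signChallenge(challenge: Buffer, origin: string): Buffer {
    const message = Buffer.concat([challenge, Buffer.from(origin)]);
    return sign("sha256", message, this.keys.privateKey);
  }
}

// Registration: the server receives the public half only.
function register(user: string, device: Device): void {
  publicKeys.set(user, device.publicKey());
}

// Login step 1: the server issues a fresh random challenge.
function beginLogin(user: string): Buffer {
  const challenge = randomBytes(32);
  pending.set(user, challenge);
  return challenge;
}

// Login step 2: the server verifies the signature over challenge + its own origin.
function finishLogin(user: string, signature: Buffer): boolean {
  const challenge = pending.get(user);
  const key = publicKeys.get(user);
  pending.delete(user); // single use: a replayed signature finds no challenge
  if (!challenge || !key) return false;
  const message = Buffer.concat([challenge, Buffer.from(ORIGIN)]);
  return verify("sha256", message, key, signature);
}
```

Because the server binds each signature to its own origin and a one-time challenge, a signature captured on a look-alike site or replayed later does not verify.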
Hmm, that’s cool.
Wait. There is more…
It’s not just about getting rid of passwords, but also whatever patches came along with them.
Patches?
You know the verification questions “Who was your first teacher”, “What color was your first car?“, … 🤣🤣🤣🤣🤣
Then there are the more recent OTPs (One Time Passwords), authenticators, and the so-called 2-factor, 3-factor, and multi-factor authentications. All of them will be gone along with passwords.
😂 Fun memes
Frontend Devs be like: We just came out of the IE7, IE8 support shit! What the hell is this now? 😡 😡 😡
Oh ha haha ha. LMAO 🤣
💬 What do you think about this?
Just hit reply and let us know your thoughts!
📢 Calling for contributions
This newsletter thrives on community contributions. Your expertise, insights, and experiences matter to us! We're open to featuring articles written by our readers.
If you have a valuable perspective, a TypeScript tip, or a frontend engineering story to share, we welcome your submissions!
Just hit reply, and we will connect!
🌻 Your support matters! 🌻
Researching and writing high-quality articles demands considerable time and effort. As this newsletter is offered for free and managed alongside a full-time commitment, your support can help sustain its quality and growth.
If you enjoy the content and find it valuable, please consider supporting my efforts by visiting this link. Every contribution helps in maintaining and enhancing the newsletter's content and reach.
Thank you for being part of this journey!