We're thrilled to have Jan Bakker, a seasoned Cloud Consultant with over 10 years of IT experience, joining us from the Netherlands. In this episode, Andy and Jan explore the revolutionary concept of passkeys, a technology that aims to replace traditional passwords and enhance security by providing phishing resistance. The conversation delves into the significance of passkeys and their value in improving user experience and security measures. The guys even discuss what is currently known publicly about passkeys in M365. 

Key takeaways 

• Passkeys offer a more secure and user-friendly alternative to traditional passwords by eliminating the need for storing secrets on the server side. 

• Public key cryptography forms the foundation of passkeys, ensuring strong authentication without the risk of password breaches. 

• Passkeys provide phishing resistance and streamline the authentication process for end users, reducing the reliance on complex passwords and additional MFA steps. 

• While passkeys offer significant security benefits, they are not a standalone solution and should be complemented with other security measures such as phishing prevention and identity protection strategies. 

Timestamps: 

(00:13) - Unveiling the Power of Pass Keys in Cybersecurity with Jan Bucker 

(03:47) - The Rise of MFA Bypass Kits and Adversary in the Middle Attacks 

(14:55) - Unlocking the Future of Passwordless Authentication with Passkeys 

(24:55) - Addressing Persistent Access in Malicious Apps and OAuth: A Call for Improved Security Practices 

(29:59) - Unpacking the Importance of Phishing Resistance and Token Security in Cybersecurity 

(33:01) - Enhancing Security with Passkeys and Onboarding Procedures in Public Services 

Episode resources: 

Passkeys Directory 

Jan Bakker’s website 

The Security Swarm Podcast - EP24: The Danger of Malicious OAuth Apps in M365 

Start your free trial of M365 Total Protection