TikTok passkeys rollout snubs US, feds seek commercial phishing options
TikTok has had its share of security concerns, but this week it launched passkeys on iOS devices, allowing users to sign in using Face or Touch ID. The Chinese social media firm also announced it has joined the FIDO Alliance, supporting authentication standards that can replace passwords.
As with other passkeys, the encrypted biometric data used for TikTok authentication stays on a subscriber’s device. TikTok and other third-party apps do not have access to the data.
“We are thrilled to join the FIDO Alliance as we begin to introduce passkeys for login, working with industry leaders to amplify secure passwordless technologies,” Kim Albarella, head of global security for TikTok, says in a statement.
The passkey rollout will happen in stages, with Asia, Africa, Australia and South America being the first regions to have access.
There will be no TikTok passkeys for users in the United States federal government, however. The app is banned on executive branch devices.
TikTok says passkeys are “largely phishing resistant,” and “protect against the number one crime type in the 2022 Internet Crime Report produced by the FBI’s Internet Crime Complaint Center.”
Feds not hung up on bespoke strategies
Phishing warranted a symposium of U.S. government officials from several security-focused agencies this week. The White House Multifactor Authentication Modernization Symposium discussed how the government can support and benefit from new phishing-resistant authentication, including commercial products.
Federal CISO Chris DeRusha said, “Security does not need to be complex or customized to be the best choice. Today, we are focused on leveraging the best practices of the private sector to advance how this administration meets its goals of improving the nation’s cybersecurity.”