Global Group
The Best Partner for You


We create technological value for the prosperous life of our customers.

Support ArticlesStay up-to-date on company and partner news, product tips, and industry trends.

#password #Passkey Dec 08, 2023
If you're using a password on this list, change it now – hackers could break into your account in seconds

Passwords protect some of our most personal information from prying eyes, but despite their critical role, millions are still relying on lacklustre combinations to keep their data safe. And when we say "lacklustre", we really mean it.


A list of the most common passwords of 2023 has been published and shockingly "123456" is in first place. The uncreative password was used over 4.5 million times by users online, researchers say, with the word "admin" a close second with 4 million uses worldwide.


Cybersecurity researchers worked with the team at NordPass – the password management software developed by the same minds as NordVPN – to put together the definitive list of the most common passwords of the year.


To do this, they scoured a database of 4.3TB (that's a whopping 4,300,000MB) extracted from a number of high-profile password leaks on the Dark Web to find the passwords that people relied on more than any others. NordPass only received statistical information from the researchers, there was no personal data included in the findings sent to the password management team.


Hackers can break into accounts secured by passwords like "123456" and "admin" in under a second, researchers at NordPass confirmed. If you have any online accounts protected with one of these passwords, then it's time to change to something new – and much more secure.

Numerical sequences crop up throughout the most common password list, with "123456", "12345678", "123456789", and "1234" all making it into the top five. In fact, one-third of the top 10 consists of numbers alone.

Find the complete list of the 10 most common passwords at the bottom of this article. 

According to the research, people tend to rely on the weakest passwords for their streaming services, like Netflix, Disney+, and Prime Video, reserving their strongest passwords for online banking.

Commonly used passwords for streamers included the cringe-inducing "Netflix", "netflix123", "disney123", and "disney2020". While researchers found people typically reserved their best passwords for financial accounts, weaker options like "visavisa1" and "paypal123" still crop up in the list.

This is a pattern that comes up time and time again. NordPass found that different platforms influence password habits, with the fourth most common password used to secure accounts on Amazon being (surprise, surprise) "amazon".

Some websites have strict conditions for passwords, forcing account holders to use at least one letter, number, and special characters. These conditions have pushed passwords like "P@ssw0rd" into the top 30 passwords worldwide, but unfortunately, it's done little to make users' data safer. According to NordPass, "P@ssw0rd" can be unlocked by hackers in under one second. 


A troubling 70% of the list of most commonly used passwords can be hacked in seconds, researchers say.

Tomas Smalakys, NordPass Chief Technology Officer said: "With the terrifying risks password users encounter, alternative methods in online authentication are now essential.

"Passkey technology, considered the most promising innovation to replace passwords, is successfully paving its way, gaining trust among individuals and progressive companies worldwide. Being among the first password managers to offer this technology, we see people are curious to test new things, as long as this helps eliminate the hassle of passwords."

So, what should you do? NordPass recommends creating a strong password with at least 20 characters and a mixture of upper- and lower-case characters, numbers, and special characters. Personal information that could be easily guessed by those who know you – like birthdays, pet names, and hometowns – should be avoided. Always create a unique password for every online account, NordPass says.

If you're struggling to think of something, using the first letter from each word in a line of poetry, a saying, or a song lyric that you're unlikely to forget can be a great way to quickly generate what appears to be a completely random jumble of characters. 


Password managers are also a popular way of securing your online account. These applications generate secure passwords for every account, with these stored in an encrypted safe that can be accessed from any of your devices. To login, most of these applications only require a quick biometric check – facial recognition on the iPhone or a fingerprint scan on Windows PCs and Android.

NordPass is one option available alongside the likes of LastPass and 1Password.

Google and Apple both offer built-in password managers with their most popular products, dubbed Google Password Manager and iCloud Keychain respectively, that generate and store passwords.

Online accounts are increasingly turning to passkeys as a way to let users sign-in to apps and sites the same way they unlock their devices – using a fingerprint, a face, or an on-screen PIN. Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than one-time codes sent via SMS. Microsoft, Google, Apple and the FIDO Alliance are working together to bring passkeys to the web as an industry standard.

Although there are high hopes for passkeys, with Google even calling its rollout "the beginning of the end of the password", they're unlikely to eliminate old-fashioned passwords for some time. For the time being, we're still stuck with passwords for a huge number of our online accounts such, it's time to ditch "password123" and think of something a little stronger. 


Top 10 Most Common Passwords

  1. 123456 (used 4,524,867 times)
  2. admin (used 4,008,850 times)
  3. 12345678 (used 1,371,152 times)
  4. 123456789 (used 1,213,047 times)
  5. 1234 (used 969,811 times)
  6. 12345 (used 728,414 times)
  7. password (used 710,321 times)
  8. 123 (used 528,086 times)
  9. Aa123456 (used 319,725 times)
  10. 1234567890 (used 302,709 times)

 Original Article

FIDO Alliance study reveals growing demand for password alternatives as AI-fuelled phishing attacks rise


Increased desire for biometrics and awareness of passkeys increases imperative on service providers to enable stronger, more user-friendly sign-ins

  • Password usage without two-factor authentication (2FA) is still dominant across use cases – consumers enter a password manually nearly 4 times a day, or 1,280 times a year

  • But when given the option, users want other authentication methods – biometrics is both the preferred method for consumers to log-in and what they believe is most secure, while awareness of passkeys continues to grow

  • Online scams are becoming more frequent and more sophisticated, likely fuelled by AI – over half (54%) have seen an increase in suspicious messages and scams, while 52% believe they have become more sophisticated

  • The impact of legacy sign-in methods is getting worse – the majority of people are abandoning purchases and giving up accessing services online – this is 15% more likely than last year at nearly four times per month per person

The FIDO Alliance today publishes its third annual Online Authentication Barometer, which gathers insights into the state of online authentication in ten countries across the globe. New to the Barometer this year, FIDO Alliance has also begun tracking consumer perception of threats and scams online in a bid to understand anticipated threat levels globally.

The 2023 Online Authentication Barometer found that despite widespread usage of passwords lingering on, consumers want to use stronger, more user-friendly alternatives. Entering a password manually without any form of additional authentication was the most commonly used authentication method across the use cases tracked – including accessing work computers and accounts (37%), streaming services (25%), social media (26%), and smart home devices (17%). Consumers enter a password manually nearly four times a day on average, or around 1,280 times a year. The only exceptional scenario to this trend was financial services, where biometrics (33%) narrowly beat passwords (31%)* as the most used sign-in method.

This is especially interesting considering biometrics’ rising popularity as an authentication method. When asked what authentication method people consider most secure and the method they most prefer using, biometrics ranked as favourite in both categories, rising around 5% in popularity since last year. This suggests that consumers want to use biometrics more but don’t currently have the opportunity.

“This year’s Barometer data showed promising signs of shifting consumer attitudes and desire to use stronger authentication methods, with biometrics especially proving popular. That said, high password usage without 2FA worryingly reflects how little consumers are still being offered alternatives like biometrics, resulting in lingering usage,” commented Andrew Shikiar, Executive Director and CMO of the FIDO Alliance. 

Marketing Technology News: Aidentified Launches Data Insights Scan (DIScover), a Snowflake Native App in the Data Cloud

Scams are getting more frequent and more sophisticated – likely fuelled by AI 

This year’s Barometer also unearthed consumer perception of threats and scams online. 54% of people have noticed an increase in suspicious messages and scams online, while 52% believe these have become more sophisticated.

Threats are seen to be active across several channels, but primarily email, SMS messages, social media, and fake phone or voicemails. The increased accessibility of generative AI tools is a likely driver of this rise in scams and phishing threats. Tools like FraudGPT and WormGPT, which have been created and shared on the dark web explicitly for use in cybercrime, have made crafting compelling social engineering attacks far simpler, more sophisticated, and easier to do at scale. Deepfake voice and video are also being used to bolster social engineering attacks, tricking people into thinking they are talking to a known trusted person.

Shikiar added: “Phishing is still by far the most used and effective cyberattack technique, which means passwords are vulnerable regardless of their complexity. With highly accessible generative AI tools now offering bad actors the means to make more convincing and scalable attacks, it’s imperative consumers and service providers listen to consumers and start to look at non-phishable and frictionless solutions like passkeys and on-device biometrics more readily available, rather than iterating on ultimately flawed legacy authentication like passwords and OTPs.” 

Passkeys, which provide secure and convenient passwordless sign-ins to online services, have grown in consumer awareness despite still being live just over a year, rising from 39% in 2022 to 52% awareness today. The non-phishable authentication method has been publicly backed by many big players in the industry – Google recently announced that passkeys are now available for all its users to move away from passwords and two-step verification, as has Apple, with other brands like PayPal also making these available to consumers in the last twelve months.

The impact of legacy sign-ins worsens for businesses and consumers 

The negative impact caused by legacy user authentication was also revealed to be getting worse. 59% of people have given up accessing an online service and 43% have abandoned a purchase in the last 60 days, with the frequency of these instances rising year on year to nearly four times per month, per person, up by around 15% on last year. Poor online experiences are ultimately hitting businesses’ bottom lines and causing frustration among consumers.

70% of people have had to reset and recover passwords in the last two months because they’d forgotten them, further highlighting how inconvenient passwords are and their role as a primary barrier to a seamless online user experience. 


Original Article

Google Steps Up Its Push to Kill the Password

LESS THAN SIX months ago, Google announced that it was launching support for the password replacement known as “passkeys” for all personal accounts across its billions of users. Today, the company said it is going a step further and will make passkeys the default login setting for users.

When you log in to your Google account, you’ll get a prompt to create a passkey and start using it for login instead of relying on your Gmail address and password. Google will be turning on the “skip password when possible” option in account settings, which is essentially the passkey green light. Users who don't want to kill their password just yet will still be able to turn that setting off so they don't receive the prompts.


Password-based authentication is so ubiquitous in digital systems that it isn't easy to replace. But passwords have inherent security problems because they can be guessed and stolen. And since it's so difficult to keep track of dozens or hundreds of passwords, users often reuse the same passwords on multiple accounts, making it easier for attackers to unlock all of those accounts in one fell swoop. Passkeys are specifically designed to address these issues and dramatically reduce the risk of phishing attacks by instead relying on a scheme that manages cryptographic keys stored on your devices for account authentication.

Google didn't share statistics on passkey adoption so far, saying instead in a blog post that “people have used passkeys on their favorite apps like YouTube, Search and Maps, and we’re encouraged by the results.” The company points out that passkey support is expanding across other apps and services. Apple and Microsoft both support passkeys. And companies like Uber and eBay recently launched passkeys, and they're coming to WhatsApp soon.

“Passwordless is something we set out to achieve 10-plus years ago, and we’re thrilled to not only see us already on the next step of the journey with passkeys by offering them by default, but also to see the great feedback from users who have made the switch,” Christiaan Brand, identity and security group product manager at Google, tells WIRED.


There's so much inertia on passwords around the world that even a player as big and influential as Google can't force the issue overnight. But the company is clearly using its influence to steer users with gentle pressure that seems likely to continue mounting as passkeys gain broader momentum.

“We’ll keep you updated on where else you can start using passkeys across other online accounts,” the company wrote today. “In the meantime, we’ll continue encouraging the industry to make the pivot to passkeys—making passwords a rarity, and eventually obsolete.” 


Original Article

FIDO APAC Summit 2023

FIDO APAC Summit 2023

August 28 – August 30

Silver Sponsor : TrustKey Solutions


The Asia-Pacific region is experiencing a significant shift in the landscape of authentication methods, with a growing interest in passwordless solutions. Traditional password-based authentication methods have proven to be vulnerable to various threats, including phishing attacks, credential theft, and weak password practices. As a result, organizations in Asia Pacific are actively exploring and adopting passwordless authentication as a more secure and user-friendly alternative. The Asia Pacific identity and authentication market is expected to grow during the forecast period from 2021 to 2028.


The FIDO APAC Summit 2023 brought together industry leaders, cybersecurity experts, and government representatives from Asian countries such as Japan, Singapore, Australia, and South Korea to explore the latest developments and success stories in FIDO authentication.

In particular, Google seemed to be focusing on spreading Passkey by supporting it on Chrome and Android.




At this summit, TrustKey operated an exhibition booth to introduce the new model B210 and showcase TrustKey Login Solution and PIV.  In addition, we met with leading companies such as DTASIA Vietnam, VinCSS, and CySack to discuss potential partnerships, especially with VinCSS.

Through this event, we had the opportunity to introduce TrustKey solutions' FIDO technology and had a rich networking experience. 

#appleid #setup #ios Sep 06, 2023
Use Trustkey to sign into your Apple ID account on iPhone

About FIDO security keys

FIDO security keys for Apple ID are an optional security feature designed for people (such as celebrities, journalists, and members of government) who want extra protection from targeted attacks on their account, including phishing and social engineering scams.

A FIDO security key is a small third-party hardware device that you can connect to your iPhone and use to verify your identity when signing into your Apple ID account. The physical key replaces the six-digit verification codes normally used in two-factor authentication, which keeps this information from being intercepted or requested by an attacker.

Set up Trustkey

TrustKey is a FIDO security key that allows user authentication by touch or fingerprint. It has been designed to satisfy FIDO2 Level 2 certification requirments.


You need to set up at least two Trustkey so you can use one of them as a backup in case the other one is lost, damaged, or stolen. You can pair up to six keys with your account.

Ÿ   Go to Settings > [your name] > Password & Security.

Ÿ   Go to Security keys > Tap Add Security Keys, then follow the onscreen instructions. 



Sign into a device, website, or app using a Trustkey.

Ÿ When prompted, insert your Trustkey.

Ÿ​ Follow the onscreen instructions



Use a Trustkey to reset your Apple ID password.

If you forget your Apple ID password, you can use a Trustkey that’s paired with your account to reset it.

Ÿ   Go to Settings > [your name] > Password & Security. (If you aren’t already signed into your Apple ID account on your iPhone, first use your paired security key to sign in).

Ÿ   Tap Change Password, then follow the onscreen instructions.


Use a Trustkey to unlock your Apple ID

If you try unsuccessfully six times in a row to sign into your Apple ID account, or if your iPhone detects other signs of suspicious activity, you’ll receive an onscreen notification that your Apple ID is locked. You can use your Trustkey to unlock it.

Ÿ   Tap Unlock Account, then follow the onscreen instructions to unlock your Apple ID.

Ÿ   If you think your account might have been locked because someone else knows your password, tap Change Password and enter a new one.

Ÿ   Tap Done.


Remove security keys.

You can pair up to six Trustkey with your Apple ID. If you reach the limit and need to pair additional keys, you can remove one or more of your paired keys. You can replace keys you’ve removed at any time.

Ÿ   Go to Settings > [your name] > Password & Security.

Ÿ   Tap Security Keys.

Ÿ   To remove all keys, tap Remove All Keys, then tap Remove.

To remove individual keys, tap the ones you want to remove, then tap Remove Key.


Note: If you remove all Trustkey from a device, the device reverts to using six-digit verification codes for two-factor authentication. 

#Austria #G310H #gov Jul 24, 2023 announces support for TrustKey G310H security key, an interagency platform for immediate help and information on Austrian public administration information and issues, recently announced enhanced support for using FIDO2 security keys as MFA devices.
As a result, the TrustKey G310H security key is compatible and can be used with ID Austria.

Which FIDO security keys are compatible with ID Austria and where are they available?

Tokens that support FIDO2 Level 2 certified with WebAuthn can be used with ID Austria. This is currently fulfilled by:

• Trustkey G310H
• GoTrust Idem Key FIDO2
• Yubico Security Key NFC in schwarz (USB-A + NFC, USB-C + NFC)
• Yubico YubiKey FIPS Series (5 NFC FIPS, 5C NFC FIPS, 5C FIPS, 5 Nano FIPS, 5C Nano FIPS, 5Ci FIPS)

Common models usually offer connection via USB or NFC to your computer. They can be purchased in stores and can cost between 30 euros and 70 euros, depending on the model.
We recommend using them on the Windows operating system and using common browsers like Chrome or Firefox to ensure smooth operation.
An overview of FIDO2 support on operating systems and browsers can be found at

To order your TrustKey today, visit and start protecting your accounts with TrustKey as your ID Austria anti-phishing MFA.





Meet TrustKey’s expert.


TrustKey Co.,Ltd./Address : (06236) 2F, 14, Teheran-ro 22-gil, Gangnam-gu, Seoul, Republic of Korea
Tel : +82-2-556-7878 Sales : / Technical : / Fax : +82-2-558-7876

Copyright © 2020 TrustKey. All Rights Reserved.