Dear Aventine Readers,
If you, like many people, are plagued by too many passwords, password systems and two-factor verification prompts, relief could be in sight. This month we look at the emerging technology of passkeys, and how they could simplify the login experience for many of the sites and apps we use every day.
Also in this issue: The astounding possibility of 3D organ printing, an accomplishment that could change the lives of the hundreds of thousands of people in need of organ transplants and create vast new possibilities for testing drugs and therapies without having to rely on animals.
Finally, China is testing out flying taxis that are both electric and pilotless. And if you are looking for a way to donate fresh food, a network of neighborhood refrigerators might be what you’re looking for.
As usual, thanks for reading,
Danielle Mattoon
Executive Director, Aventine
Finally, an Improvement on the Password
For at least 20 years, industry heavyweights like Bill Gates have argued that passwords would soon be killed off by a better way for people to prove that they are who they say they are.
Yet most of us still make do with a patchwork of password managers, memorized strings of characters and random scraps of paper coupled with an ever-growing variety of two-factor authentication tools that have been layered on top of the aging password system to keep our accounts secure.
That is until now. Recently — and especially if you’re a Google user — you may have come across passkeys, a new technology that replaces passwords with the ability to log onto a service or website using facial recognition, a fingerprint scan or the password you use to unlock your phone or computer. While numerous tech giants including Apple, Amazon and Microsoft already offer the new technology as an option, Google has gone a step further: Last month, it made passkeys the new default login system for users.
But what exactly are passkeys, why do we need them, and are there any concerns you should heed before adopting them? Aventine spoke with a handful of industry leaders and security experts who all agreed that the technology is more secure and convenient than passwords, though there are some open questions over its adoption and how it could be compromised by hackers in the future.
“It's a good solution, and it's probably going to eliminate more problems than it creates,” said Bill Roscoe, a professor of computing science at the University of Oxford. “But it does create some.”
The Problem with Passwords
Humans are imperfect. While the majority of us probably know what good practice around passwords should look like, the reality is that we don’t always follow it.
This creates dangerous fault lines — or, in computer security jargon, attack vectors — in password systems that can be exploited by bad actors. Weak passwords can be guessed using so-called brute force attacks that cycle through all possible passwords until the correct one is found. If passwords are reused they are even more vulnerable, as hackers who gain access to one website’s database of login information will try out those user ID and password combinations on other sites and ultimately be successful. And if a bad actor can convince someone to hand over a password directly through deception, a process known as phishing, the hacker has immediate access to the victim’s account.
Christiaan Brand is product manager for identity and security at Google and has been closely involved with the company’s deployment of passkeys. He said that the industry has “tried to put bandaids on top of the password’s shortcomings,” referring to extra layers of security like two-factor authentication. But, he went on to say, there are two problems with that approach: First, while it’s harder for criminals to phish for those details, it is still possible and is now “happening at scale.” Second, he said, it adds friction for users, which they find frustrating.
The Promise of Passkeys
Passkeys were born out of a desire to build an authentication system that is both more phishing-resistant and easier to use than passwords. They’re based on a set of standards created by the Fast Identity Online Alliance, more commonly known as the FIDO Alliance, a consortium of companies — a long list that includes heavy hitters such as Amazon, Apple, Google, Meta and Microsoft — that has been developing a number of passwordless authentication protocols since 2012.
When you use a password to log into an app or a website, you essentially share a piece of information that is checked against an entry linked to your account in the site’s database; if the password matches, you’re granted access. Passkeys work differently. When you opt to use passkeys, the operating system on your device creates a cryptographic key pair — basically two very long character strings that fit together uniquely. One key is kept private on your device; the other is shared with the platform and stored on its server. After passkeys have been authorized on a site, those keys can then be activated through facial recognition, a fingerprint or a device password. And, perhaps most important, your operating system will refuse to hand them out to an illegitimate site, making the technology highly resistant to phishing.
Every website requires a unique pair of passkeys, so for each website that supports passkeys, your device generates a new set. You can create new passkeys for each platform on separate devices or sync passkeys across devices using software such as 1Password or Dashlane. But as far as you, the user, are concerned, the process of logging into a website will always be the same: You log on using facial recognition, a fingerprint or — if you don’t like biometrics or a device doesn’t support them — by using your device’s password or PIN.
In terms of security, this system has some clear advantages over passwords. In a world of passwords, hackers can target the databases of large companies and — if successful — come away with the login information of many millions of users. With passkeys, the site’s server stores only the public key, which by itself cannot be used to log in. Additionally, because passkey users are unaware of the complex character strings activated by facial or fingerprint logins, they cannot inadvertently share that information with bad actors.
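The sign-in exchange described above can be modeled in a few lines of Node.js. This is an added example, not code from Aventine, Google or the FIDO Alliance, and it is a simplified model rather than the real WebAuthn message format: the class names, the user "alice", example.com and the .test host are all constructed for illustration.

```javascript
// Added example: simplified passkey sign-in model. All names and hosts are constructed.
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Device side: one key pair per site; private keys never leave this object.
class Authenticator {
  constructor() { this.keys = new Map(); } // site host -> private key
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public half is sent to the site
  }
  // `origin` is what the browser reports for the requesting page.
  // Simplification: the site identifier must equal the origin's host exactly.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null; // no passkey for this host, so nothing is released
    const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
    const signedBytes = Buffer.concat([sha256(rpId), sha256(clientData)]);
    return { clientData, signature: crypto.sign('sha256', signedBytes, privateKey) };
  }
}

// Server side: stores public keys only and issues single-use random challenges.
class RelyingParty {
  constructor(rpId, origin) {
    this.rpId = rpId;
    this.origin = origin;
    this.publicKeys = new Map(); // user -> public key
    this.pending = new Set();    // challenges issued and not yet used
  }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge() {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  verify(user, assertion) {
    const publicKey = this.publicKeys.get(user);
    if (!publicKey || !assertion) return 'rejected: no credential';
    let data;
    try { data = JSON.parse(assertion.clientData.toString('utf8')) || {}; }
    catch (err) { return 'rejected: malformed client data'; }
    if (!this.pending.delete(data.challenge)) return 'rejected: unknown or reused challenge';
    if (data.type !== 'webauthn.get' || data.origin !== this.origin) return 'rejected: wrong origin';
    const signedBytes = Buffer.concat([sha256(this.rpId), sha256(assertion.clientData)]);
    const ok = crypto.verify('sha256', signedBytes, publicKey, assertion.signature);
    return ok ? 'ok' : 'rejected: bad signature';
  }
}

function demo() {
  const device = new Authenticator();
  const site = new RelyingParty('example.com', 'https://example.com');
  site.enroll('alice', device.register('example.com'));

  // Genuine sign-in, then the same assertion presented a second time.
  const assertion = device.sign('https://example.com', site.newChallenge());
  const genuine = site.verify('alice', assertion);
  const replayed = site.verify('alice', assertion);

  // A page on another host forwards a fresh challenge: the device has no key for it.
  const challenge = site.newChallenge();
  const otherOrigin = 'https://example.com.login.test';
  const releasedToOtherHost = device.sign(otherOrigin, challenge) !== null;

  // Even an assertion made with a key registered for that other host fails at the server.
  device.register('example.com.login.test');
  const forwarded = site.verify('alice', device.sign(otherOrigin, challenge));
  return { genuine, replayed, releasedToOtherHost, forwarded };
}

console.log(demo());
```

The server never holds anything that can sign, so a copy of its database contains no login secret, and each signature is tied to one challenge and one origin.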
Barriers to Adoption
While titans like Apple and Google have been able to plow cash into the implementation of the technology, dedicating large tech teams to the task, it’s not as straightforward for smaller companies to follow suit. “It's really hard to do,” said Anna Pobletts, Head of Passwordless at 1Password, describing the work required to build out support for passkeys on a website. “It's much more complicated than passwords; you have to manage all of the user’s different devices and where they might have passkeys living.” Brand agrees. “[It] is, unfortunately, where I see the biggest issue right now,” he said. “We have a large team of engineers just focused on wrangling this beast that is the current passkey system into submission. … It would be a pretty hard job for a smaller company right now.”
Pobletts points out that even the big tech companies have rolled out the system incrementally, providing support for single platforms like iPhones, or providing passkeys first as backup to existing password-based systems in order to build user confidence in the system. That helps explain why, for now, passkeys are only available on a handful of platforms — those built by the tech giants, along with a number of enthusiastic smaller companies, such as Kayak, TikTok, Robinhood and Shopify.
There’s also been some early reticence among users who are concerned that the technology could be used by big tech companies as a means of locking users into their ecosystems. But with password managers such as 1Password and Dashlane supporting the technology, that concern seems increasingly unwarranted.
New Attack Vectors
There’s something of a mantra in cybersecurity circles: “There is no such thing as perfect security.” Systems are built by and used by humans, and humans are fallible. That means that while theoretically perfect security systems might exist, reality is rather different. “Computer security is [so] multi-dimensional with so many different attack vectors,” said Roscoe. “The poor person who is actually trying to create security has to worry about them all, but the attacker only has to find one [flaw].”
So there are open questions around passkeys: Where do their threat vectors lie, and how could they be exploited? The obvious point of failure, Brand says, is the storage of the private passkey on users’ devices. “With a password, if you don't use a password manager, you're keeping it in your head … no one can steal them out of your head directly, right?” he said. Passkeys, meanwhile, have to be stored somewhere, introducing a point of vulnerability. But this is a risk many people are already accepting by using password managers: It is technically possible for such a storage system to be attacked and the passwords extracted. There’s also the risk of a bad actor gaining physical access to your unlocked device, but that threat also exists in a password-based world.
Brand also explained that bad actors, deterred by passkeys, might turn their attention to adjacent technologies that have so far gone largely ignored because targeting passwords was more straightforward. An example of this would be targeting cookies, the small blocks of data that make it possible to return to, say, your email account in a browser without having to log back in; if hackers could gain access to those cookies on your device, they too could make use of that open session.
Overall, though, “the level of security is so much higher and the range of the attack is much smaller” than with passwords, said Pobletts.
The Death of the Password?
For now, passkeys are only gradually rolling out across websites. Google is leading the charge, other tech giants are following in its wake, and enthusiastic smaller companies are trying the technology out.
Still, these companies appear to be bellwethers of a trend that shows signs of gaining momentum and could turn passkeys into everyday security technology. “Having their weight behind this is really important to get mass adoption,” said Pobletts of the big tech companies. Brand, meanwhile, said that, while Google isn’t releasing usage numbers yet, it has seen adoption among users that it is “very happy with.”
As for whether this all signals the end of the password as we know it? “My hope is certainly that passkeys become really mainstream, they're on 90 percent of websites everywhere, [they’re] kind of like the expected way to authenticate,” said Pobletts. “But I think there will always be passwords.”
Advances That Matter
Here come the AI safety rules. Kind of. The U.K. put AI safety firmly on the agenda at the start of November, hosting a summit with the goal of developing a global, coordinated effort to address the risks and misuse of AI tools. While it didn’t achieve much materially — tech companies signed a legally nonbinding agreement with governments to allow their models to be tested — it was notable for convening world leaders and tech executives in the same room. And the anticipation of the meeting appears to have served as impetus for President Biden’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence, put out just days before the British jamboree. The Biden document is notable for both the depth and breadth of its proposals, which seek to mobilize multiple government agencies to ensure that AI is safe, whether that means protecting consumer privacy or preventing AI from threatening national security. While neither the British nor the American plans have teeth yet, the fact that both governments have been so public about managing AI is a meaningful step.
Mouse embryos survive in space. Any future in which humankind colonizes other planets begs a significant question: Can we reproduce in space? A team of researchers from the Japan Aerospace Space Agency and the University of Yamanashi have taken an initial step toward answering that question. The team launched 720 frozen two-cell mouse embryos into space aboard a SpaceX rocket and delivered them to the International Space Station. There they were cultured for four days to the blastocyst stage, the point at which they can affix to the wall of the uterus. The embryos were then brought back to Earth to be analyzed. (This undertaking required the design and manufacture of a complex device that allowed non-expert astronauts to perform the experiments.) The findings, published in the journal iScience, show that embryos grown on the space station had a 23.6 percent chance of reaching the blastocyst stage, compared to a control group on Earth that reached the stage at a rate of 61.2 percent. And those that reached it on the space station developed normally — evidence, the researchers claim, that “shows mammals may be able to thrive in space.”
Generative AI has a heavy carbon footprint. How much power is artificial intelligence gobbling up? We’ve long known that training AI models is computationally demanding, which in turn equates to high power use. But as this story from IEEE Spectrum explains, simply prompting an answer from a generative AI model like ChatGPT requires considerable energy as well. “A single LLM interaction may consume as much power as leaving a low-brightness LED lightbulb on for one hour,” explained Alex de Vries, a PhD candidate at VU Amsterdam in the Netherlands. And multiplying even that small amount of energy by the huge number of generative AI queries now made around the world every day quickly gives rise to very large numbers. In total, new research suggests, AI could be using as much power as the whole of the nation of Ireland, or about 29.3 terawatt-hours per year.
3D Organ Printing
In the United States there are currently more than 100,000 people on a transplant waiting list to receive a new organ; 17 of those, according to the government network that acquires and transports organs, die every day while they wait. There are simply not enough human organ donors to meet the needs of those who require a transplant.
But in the next several decades, there might be one or even two new methods of providing those necessary organs. The first is growing organs in pigs or other animals and then transplanting them to humans, a process rife with immune-rejection problems but showing promise. (Two people lived for over a month with genetically modified pig hearts.) Even more fantastical but possibly more useful in the long run is three-dimensional bioprinting of organs and organ tissue. This was once a pipe dream, but researchers have, over the past few years, successfully printed musculoskeletal structures (like cartilage), tissues, and even parts of a heart. While creating a fully functioning major organ like a heart or kidney with vasculature and blood flow is still out of reach, experts told Aventine they believe that dream could become a reality. (Creating 3D-printed organs that could be cost-competitive with standard organ donation is perhaps an even more difficult hill to climb.)
Aventine spoke to five experts in the field to understand the potential and largest barriers for this enormous quest, as well as how efforts to reproduce human tissue could lead to new therapies. Researchers expect that bioprinting could transform drug trials, improve drug development, and aid in surgery well before the 3D printing of whole, complex organs is achieved.
“Printing all the big vessels and having all the capillaries in place will be solved as a scientific hurdle very soon, and so the next major challenge is cell scale and production. To practice organ printing we need tens of billions of cells, and that is a dramatically different paradigm of cell production, so we need to recognize that the pace of advancement will be limited by that. Then it will depend on how well we can keep all of those cells alive, how much we can get the stem cells to behave like heart cells, for example. But that science is moving very quickly, getting better and better.
“So it’s going to be very difficult, there are a lot of variables, lots of new technology and science, and the FDA is very conservative. It’s going to take a long time to establish good manufacturing practices. But this is a decades-long process, and there’s a good scientific basis which right now is different from the past forty years.”
— Mark Skylar-Scott, professor of bioengineering at Stanford University and principal investigator of a 3D bioprinting lab at Stanford Medical School
“Having the potential is not the same as being able to do it. A lot of things have the potential and fail miserably. But I want to highlight that I definitely think it’s all a matter of when, not if. Success is a matter of technical capabilities, clinical trials to validate everything, and then the cost.
“Not only the cost to drive the development of this, but then also the cost of whatever we can actually produce to build a viable industry. If we can build a heart as an alternative to transplant, but each one of those hearts costs a million dollars, that’s not viable. We still need to get better than the current transplant cost. Even if we 100x the number of transplants at the current cost, our healthcare system can’t handle that. That’s too expensive.”
— Adam Feinberg, biomedical engineer at Carnegie Mellon University and principal investigator of CMU’s Regenerative Biomaterials & Therapeutics group
“At this moment still we couldn’t get a functional organ to work. Organs are big and compact with many different types of cells. When we do work in the lab we don’t have that many cells, partially because of difficulty sourcing and secondly the cost. If you were going to build a real organ you need a lot of cells, and we aren’t there yet. Plus the technology to have a vascularized organ, we are not there yet. The most challenging part is building high density tissue or organ with vascularization to support growth. I think it’s possible, but to really figure it out the field needs more investment from government, like the NIH.”
— Shaochen Chen, professor of nanoengineering at University of California, San Diego
“Of course the ultimate goal is creating tissues for transplantation purposes. But for solid organs, we are still not there yet. But we could have these tissues used for drug testing or for modeling. I think this has huge potential. This is not really scientifically super challenging as compared to bioprinting of solid organs for transplantation.
“And when we get these tissues into the market, they can basically replace animal testing. The major problem with animal testing is that human physiology isn’t really replicated. So instead of using animal models, why don’t we have the patient’s own tissue used? We can make the model, test the drug or any of the therapeutics on these tissues, and replicate the physiology of the human so the risk for failure will be very small.”
— Ibrahim Tarık Özbolat, professor of neurosurgery and engineering at Penn State University’s Cancer Institute
“We’re working on type 1 diabetes. Bodies are unable to sense glucose and release insulin because they’ve lost those cells in the pancreas, so we’re creating this implantable living cell therapy that restores that function that has been lost. It may not look anything like the organ or be planted anywhere near the organ, but the (new) tissue can repair, supplement or restore the function that has been lost. We’re taking a very pragmatic approach as we develop tissues for liver and endocrine function.
“Our goal is to create these tissues that we can implant in the body and tackle the functions that are lost. Our goal isn’t to take a full organ and say we need to create an exact architectural identical replica, that belongs more in science and dare I say science fiction, our goal is to focus on rational therapeutic development to bring this to patients. For example, this year we partnered with Novo Nordisk on the development and commercialization of products for diabetes and obesity.”
— Tamer Mohamed, co-founder and CEO of Aspect Biosystems, a bioprinting technology company
Technology’s Impact Around the Globe
1. Guangdong, China. The chance to hail a flying taxi is a step closer — if, that is, you’re someone who will be comfortable being flown around without a pilot. The Verge reports that the Civil Aviation Administration of China has granted a company called EHang permission to test the world’s first electric vertical takeoff and landing (eVTOL) taxi that will also fly pilotless. The company’s EH216-S vehicle has a small, bubble-shaped passenger compartment that is kept aloft by 16 small rotors mounted at the end of eight folding arms. (On land, those arms fold in so it can park in tight spaces.) It has a range of just over 18 miles and a top speed of around 80 mph. To get to this stage, EHang has completed 40,000 test flights of the craft and provided numerous safety reassurances, including data from crash tests. The company hopes to offer sightseeing trips around Guangdong by the end of this year.
2. New York, U.S. As COVID-19 swept across the world, so did new ways for people to help each other out. One initiative that persisted as the pandemic ebbed is the community refrigerator: fridges installed in outdoor public areas filled with food donated by the community for those in need to take as they please. There are maps of fridges in New York City, the Love Fridge network in Chicago estimates that thousands of pounds of food make their way through its 20 or so fridges each month, and the idea has gone global. But as Grist reports, these networks of fridges are not just a way to fight hunger but also a useful tool in curbing the effects of climate change. The UN claims that food waste accounts for as much as 10 percent of global emissions and as Feeding America notes, 39 percent of all food waste in America happens in the home. Communal fridges are particularly well suited to distribute small quantities of perishable food in dozens of neighborhoods in a way that food banks can’t.
3. Everywhere. Generative AI has made it incredibly simple for people to create professional-looking artwork by doing little more than typing a description of what an image should depict. But an investigation by Rest of World that analyzed 3,000 images created using Midjourney’s generative AI algorithms reveals the stark reality of the stereotyping they display. In the images generated for this analysis, the publication writes, “a ‘Mexican person’ is usually a man in a sombrero; most of New Delhi’s streets are polluted and littered; [and] in Indonesia, food is served almost exclusively on banana leaves.” The biases reflect those that suffuse the data on which these AI models are trained, and attempts to fix the problem haven’t always played out as hoped. But until companies figure out how to effectively overcome these issues, images created using these AI tools may end up compounding many of the stereotypes that many people have been attempting to overturn for decades.
Magazine and Journal Articles Worth Your Time
The Quest to Quantify Quantumness, from Quanta
3,400 words, 13 minutes
The popular narrative about quantum computing is that it will upend traditional computing by storming through calculations at lightning speed. The reality is a little more complex. There are some tasks long believed to be highly suited to being solved by quantum computers that in reality can be performed pretty well on regular computers too. That means that the idea of so-called quantum advantage is harder to exploit than many people have hoped. This feature takes a detailed look at the research around what makes problems more and less suited to being solved by quantum computers, and what that means for how useful the emerging new hardware will be.
The Tough Stuff, from Canary Media
15 stories, and as long as you’ve got
Industry accounts for 26.3 percent of global carbon emissions each year, and of that slice 70.9 percent result from the production of iron, steel, cement and chemicals. New ways to produce those materials could substantially reduce the world’s emissions and have a profound effect on bringing climate change under control. This big story package from Canary Media explores the near-term quick wins and longer-term technological shifts that could help clean up the production of these materials — but also argues how it won’t be easy, and will require strong government intervention. If you’re a little overwhelmed at the prospect, then the publication’s podcast on the topic might be a good place to start.
How a Tiny Pacific Island Became the Global Capital of Cybercrime, from MIT Technology Review
3,800 words, 14 minutes
You’ve probably never heard of Tokelau, a remote group of islands about halfway between Hawaii and New Zealand in the Pacific Ocean with a population of just 1,400. And you’ve probably never heard of its country-code top-level domain of .tk, its equivalent to America’s .us or Germany’s .de on the end of URLs. But you’ve almost certainly come across a .tk website — because for years they’ve been used almost exclusively by scammers and crooks. This is a story of digital colonialism: a tiny community exploited, unaware of the power of technology to transform its reputation when it handed over control of its top-level domain to an opportunistic entrepreneur.