Axios Codebook

May 30, 2023
Happy Tuesday! Welcome back to Codebook.
- Shoutout to all the readers who also spent the bulk of Memorial Day sitting in traffic on the way home from our getaways.
- Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,469 words, a 5.5-minute read.
1 big thing: Inside 1Password's plans to ditch the password
Illustration: Brendan Lynch/Axios
One of the most popular password security tools for consumers is getting ready for the inevitable: a world without passwords.
Driving the news: Next week, 1Password will start beta testing an expansion of its touchstone password manager that allows the tool to store passkeys.
- Passkeys are basically a more secure replacement for phrase-based passwords. They often require facial recognition, touch ID or a hardware security key to log in to an online account.
- I spent the last three weeks testing out 1Password's new passkey manager capabilities, and with it, logging in to different websites has been a far faster and easier user experience.
The big picture: Malicious hackers have increasingly relied on stolen passwords to launch attacks in recent years.
- Most people typically reuse their passwords across accounts, making it easier for hackers to break into multiple accounts after finding just one leaked on the dark web. And cybercriminal groups have created a whole ecosystem online where they sell the stolen passwords they obtain during attacks.
- In 2022, nearly three in 10 ransomware attacks started with attackers using a stolen password, according to Sophos' "State of Ransomware" report.
Between the lines: 1Password recognizes that its business model — providing a better way for people to create and store their passwords — will be upended as passwords become a thing of the past.
- The company acquired Passage, an Austin, Texas-based startup that helps businesses support passkeys on their websites, last fall to jumpstart its next phase.
- Now, 1Password's expansion of its password manager will help users transfer their device-based passkeys across multiple computers, phones and tablets.
What they're saying: "It's just become almost frustrating for people to remember how I signed in last time," Jeff Shiner, CEO of 1Password, told Axios.
How it works: Using 1Password's new passkey manager was seamless and simple.
- I tested the Chrome browser extension that 1Password will start beta testing next week — but the test was available on only a handful of websites that support passkey logins, such as Google and Kayak.
- Saving an account's passkey is similar to saving a password — when a user creates a passkey for their account, the 1Password browser extension will prompt the user to save the key in the manager.
- After saving a passkey for the website, 1Password will then start to fill out the information for the user.
- But ensuring my own devices were set up for passkeys took a fair bit of technical know-how. I struggled to set up a passkey for a test Gmail account until I realized my macOS system didn't have the "iCloud keychain" feature turned on.
Zoom out: 1Password's new tool comes as Google, Microsoft and Apple have started supporting passkeys on their own operating systems.
The intrigue: Passkeys are considered more secure than traditional passwords since breaking into an account would require a hacker to have access to both the public key stored with the business and the cryptographic key created by and stored on a user's device.
- 1Password's extension will let users carry that cryptographic key between devices.
Yes, but: Passkeys are far away from universal adoption.
- Only a handful of websites support logging in with facial recognition and biometrics, let alone have the ability to store accounts' encrypted passkey information on their own servers.
- 1Password suspects it can move out of beta testing once Android and iOS support for passkeys becomes universal, Steve Won, chief product officer at 1Password, told Axios.
What's next: Starting this summer, 1Password is aiming to roll out capabilities to let users replace all of their stored passwords with passkeys, Won said.
- "What better way to show our commitment to passkeys than getting rid of the password in 1Password," he added.
2. CrowdStrike enters the AI race
Illustration: Shoshana Gordon/Axios
CrowdStrike is the next major cybersecurity firm bringing generative AI into its product stack.
Driving the news: CrowdStrike — a publicly traded company that provides a mix of cloud security tools, endpoint security, and incident response and threat intelligence products — rolled out its own generative AI assistant for customers today.
- The new assistant, known as Charlotte AI, works similarly to other generative AI assistants that have hit the market in recent months. A user can ask the assistant a simple question about how vulnerable their system is to the latest vulnerability, and Charlotte AI will return real-time answers, as well as recommended action items.
- CrowdStrike trained its model on information from the security events the company has come across, threat intelligence information about hacking groups and ongoing attacks, and telemetry across users, devices and cloud workloads, according to a blog post.
- The company has also incorporated a data set that details how CrowdStrike's employees have stopped "breaches around the world," per the blog.
- Charlotte AI is currently available only in a limited, private customer preview.
What they're saying: "We believe our continuous feedback loop on human-validated content is critical, and because of this, no other vendor will be able to match the security and business outcomes of CrowdStrike's approach to generative AI," Michael Sentonas, president at CrowdStrike, said in a statement.
The big picture: CrowdStrike is just the latest cybersecurity vendor to add a generative AI assistant to its security platforms, following similar moves from Microsoft, Google and others.
- CrowdStrike's announcement also comes the day before the company reports its first-quarter earnings.
Yes, but: Generative AI assistants just scratch the surface of ways that experts predict AI can transform cybersecurity.
- Analysts have predicted that AI could help cybersecurity teams automate their defenses and proactively scan networks for suspicious activity.
3. Teaming up on cyber insurance
Illustration: Eniola Odetunde/Axios
A security vendor popular with small to medium-size businesses' IT teams is starting to make it easier for its customers to get cyber insurance.
What's happening: Kaseya, a leading provider of remote monitoring and management tools, launched a partnership with cyber insurance provider Cysurance today so that customers are fast-tracked for a new policy.
- Customers that have Kaseya's IT Complete Security Suite will be pre-approved for a cyber insurance policy with Cysurance, allowing them to bypass a sometimes-arduous vetting process.
- Cysurance will also provide qualifying Kaseya customers with a discount on coverage rates and up to $1.5 million in coverage.
Why it matters: Cyber insurers have become stingier about who they award policies to following years of increased payouts and attacks.
- To stabilize the market, insurers have started more closely vetting potential customers' security programs to ensure those programs follow some baseline requirements.
- But that vetting process can be cumbersome since it requires companies to fill out lengthy questionnaires and dig up answers about their programs that many don't know how to find.
The big picture: Kaseya is just the latest security vendor to team up with an insurance provider to make obtaining a policy easier.
- Google offers a similar program for Google Cloud customers with reinsurers Munich Re and Allianz Global Corporate & Specialty, and CrowdStrike also has had a similar partnership with Cysurance.
Between the lines: Partnerships between an insurance provider and a cybersecurity vendor can be a win-win for both.
- The insurer can attract more customers and go through a faster auditing process, while the security vendor can use the discounts as a selling point to attract new business.
The intrigue: While major companies can easily suss out the details of their security programs, not all organizations have the resources and time to dig deep into their security programs and find specific details about how their endpoint security tools work, for example.
- Most of Kaseya's customers are managed service providers that contract their services to small businesses, giving the company an outsize role in helping these organizations better prepare for attacks.
4. Catch up quick
@ D.C.
Commerce Secretary Gina Raimondo said the U.S. "won't tolerate" China's ban on purchases of Micron Technology's memory chips, adding that the U.S. is working with its allies on a response. (Reuters)
The Pentagon has submitted its classified 2023 cyber strategy to Congress, noting that the strategy is "grounded in real-world experience." (Nextgov)
The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to patch security flaws in Barracuda Networks' email hardware. (The Record)
@ Industry
Israeli spyware maker NSO Group is under new ownership in an effort to keep the embattled company running. (Wall Street Journal)
An inside look at how one spyware maker has been trying to stay on the U.S. government's good side. (Financial Times)
@ Hackers and hacks
Roughly 90 organizations say they were affected by a hack earlier this year of outsourcing giant Capita. (BBC)
A popular Android screen-recording app has been stealing its users' microphone recordings and other media files from their devices. (TechCrunch)
A hacker leaked a database containing information about 478,000 users of the now-defunct RaidForums dark web discussion board onto a new hacking forum. (BleepingComputer)
5. 1 fun thing
Screenshot: @QueensofBravo/Twitter
Today's fun thing goes out to a niche group of readers: fans of both HBO's "Succession" and Bravo's "Vanderpump Rules."
See y'all on Friday!
Thanks to Peter Allen Clark for editing and Khalid Adad for copy editing this newsletter.

Decode key cybersecurity news and insights. With Sam Sabin.



