{"id":607,"date":"2026-06-12T09:24:12","date_gmt":"2026-06-11T23:24:12","guid":{"rendered":"https:\/\/monash-med74.dyndns.org\/blog\/?p=607"},"modified":"2026-06-12T09:24:12","modified_gmt":"2026-06-11T23:24:12","slug":"login-confusion","status":"publish","type":"post","link":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/2026\/06\/12\/login-confusion\/","title":{"rendered":"Login Confusion"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"819\" src=\"https:\/\/monash-med74.dyndns.org\/blog\/wp-content\/uploads\/2026\/05\/password_confusion-1024x819.png\" alt=\"\" class=\"wp-image-608\" srcset=\"https:\/\/monash-med74.dyndns.org\/blog\/wp-content\/uploads\/2026\/05\/password_confusion-1024x819.png 1024w, https:\/\/monash-med74.dyndns.org\/blog\/wp-content\/uploads\/2026\/05\/password_confusion-300x240.png 300w, https:\/\/monash-med74.dyndns.org\/blog\/wp-content\/uploads\/2026\/05\/password_confusion-768x615.png 768w, https:\/\/monash-med74.dyndns.org\/blog\/wp-content\/uploads\/2026\/05\/password_confusion.png 1402w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">For many years, logging in to websites has relied on a combination of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>username or email address, and<\/li>\n\n\n\n<li>password.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This system is still widely used today, but passwords have weaknesses:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>people often reuse the same password on multiple websites,<\/li>\n\n\n\n<li>weak passwords can be guessed,<\/li>\n\n\n\n<li>passwords can be stolen in data breaches or scams.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Because of the inherent weaknesses of using passwords alone, many organisations are now adding extra layers of security to the login process.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For many people, 
these extra steps can seem inconvenient and confusing, so let\u2019s explain what is going on and why \u2026<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2FA and Authenticator apps<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Websites are increasingly using <strong>two-factor authentication (2FA)<\/strong> to improve security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After you enter your password, the website sends a temporary security code by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>text message (SMS), or<\/li>\n\n\n\n<li>email.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The user then enters this code to complete the login process.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But this approach still has some weaknesses:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>text messages can sometimes be intercepted or redirected,<\/li>\n\n\n\n<li>email accounts may themselves be compromised,<\/li>\n\n\n\n<li>codes can be delayed or fail to arrive,<\/li>\n\n\n\n<li>scammers may trick users into revealing codes.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Because of these problems, many organisations (such as the AHPRA website) are moving towards the use of <strong>authenticator apps<\/strong> instead. See the AHPRA login video here:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.ahpra.gov.au\/Support\/Ahpra-portal-help-centre\/How-to-renew.aspx\">https:\/\/www.ahpra.gov.au\/Support\/Ahpra-portal-help-centre\/How-to-renew.aspx<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Authenticator apps generate security codes directly on your phone without relying on text messages or email delivery. These codes change automatically every 30 seconds.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Common authenticator apps can be downloaded and installed on your phone from your favourite app store &#8211; the iPhone App Store, the Android Google Play Store, etc.  
Most websites do not require a specific authenticator app \u2014 any of the following will usually work:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Google Authenticator<\/li>\n\n\n\n<li>Microsoft Authenticator<\/li>\n\n\n\n<li>Aegis Authenticator<\/li>\n\n\n\n<li>Proton Authenticator (a cousin to Proton Pass).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">To log in to a website that requires 2FA via an authenticator app, you:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>enter your username (email) and password,<\/li>\n\n\n\n<li>open the authenticator app on your phone, then<\/li>\n\n\n\n<li>type the six-digit code shown in the phone app back into the browser screen.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Even if somebody learns your password, they still cannot log in without access to your phone and the current code.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Authenticator apps are increasingly used for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>email accounts,<\/li>\n\n\n\n<li>banking,<\/li>\n\n\n\n<li>workplace systems,<\/li>\n\n\n\n<li>cloud services,<\/li>\n\n\n\n<li>social media accounts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The emerging use of passkeys<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A newer technology called <strong>passkeys<\/strong> is also beginning to appear on more websites and devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Passkeys are designed to eventually replace passwords, although many websites currently support both methods during the transition period.  
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead of typing a password, your device securely confirms your identity to log in using:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>fingerprint,<\/li>\n\n\n\n<li>face recognition,<\/li>\n\n\n\n<li>device PIN,<\/li>\n\n\n\n<li>or another secure unlock method.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Passkeys are generally easier to use and more resistant to phishing scams than traditional passwords. However, choices are required when creating a passkey \u2026<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Should I create a synced or a non-synced passkey?<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">When creating a passkey, you will be asked whether to save it to a password manager (with a choice of which password manager) or not to save it to a password manager.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1) A <strong>non-synced passkey<\/strong> is not stored in a password manager that synchronises passkeys across devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instead, a non-synced passkey can be saved either on the <strong>device<\/strong> itself, OR on a <strong>hardware security key<\/strong> (for example, a USB security key such as a YubiKey). <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When saved directly on the device itself, the passkey is only available on that particular device. This option may suit someone who only ever uses one device, such as a phone or tablet.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If it is instead saved onto a USB hardware security key (such as a YubiKey), the passkey can be used on compatible devices that support that security key.  <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Hardware keys appeal to those who regularly use multiple shared computers, IT professionals and frequent travellers.  
More information on the YubiKey is here:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.scorptec.com.au\/product\/flash-memory\/security-keys\/94853-5060408461426\">https:\/\/www.scorptec.com.au\/product\/flash-memory\/security-keys\/94853-5060408461426<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">2) On the other hand, a <strong>synced passkey<\/strong> is saved to a password manager, and is available on all devices using that password manager. Many of us use multiple devices (phone, tablet, laptop, desktop), and often multiple platforms (operating systems: macOS, Windows, Android, Linux). In these circumstances, saving a new passkey to your password manager is a very practical solution.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Password managers<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">In a previous article, the use of a password manager was mentioned as a valuable tool to make life easier and safer for managing your passwords.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>macOS<\/strong> has a built-in password manager, now called Passwords, which stores passwords and passkeys, and synchronises these across all of your Apple devices (iPhones, iPads, Macs).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Microsoft<\/strong>&#8217;s password manager is integrated into Microsoft Authenticator and Microsoft&#8217;s browser known as Edge (the successor to Internet Explorer), which can synchronise passwords and passkeys across Windows devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Google<\/strong>&#8217;s Password Manager synchronises passwords and passkeys across the Android platform, and on any device\/platform which uses their Chrome browser.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, there are <strong>3rd party<\/strong> password managers such as Proton Pass and Bitwarden which can synchronise passwords and passkeys across all devices and all platforms (Apple, Microsoft\/Windows, Android, and 
Linux), whilst maintaining privacy from big tech companies.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Now that I have a passkey, do I delete my password ?<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">After setting up a passkey, expert advice differs regarding when and what to do with your original login password.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">My preference is to keep the password temporarily until I have confirmed that the passkey is working reliably on all the devices I intend to use. Once I am confident that access can be recovered if a device is lost or replaced, I can then consider removing the password if the website allows it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On the other hand, some websites, including the myGov site, recommend the deletion of your password straight away to improve your account security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To learn more about passkeys, see the myGov information page and video here:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/my.gov.au\/en\/about\/help\/mygov-website\/sign-in-to-mygov\/use-passkeys\">https:\/\/my.gov.au\/en\/about\/help\/mygov-website\/sign-in-to-mygov\/use-passkeys<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>A period of transition<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">At the moment, the internet is in transition:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>passwords are still widely used,<\/li>\n\n\n\n<li>2FA and authenticator apps are becoming increasingly common, and<\/li>\n\n\n\n<li>passkeys are being introduced whilst the technology is fast evolving.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For most people today, adopting a password manager, and learning about 2FA and how to use an authenticator app is a practical first step towards stronger online security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Understanding the processes helps reduce any login confusion.<\/p>\n\n\n\n<p 
class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For many years, logging in to websites has relied on a combination of: This system is still widely used today,&hellip; <a class=\"more-link\" href=\"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/2026\/06\/12\/login-confusion\/\">Continue reading <span class=\"screen-reader-text\">Login Confusion<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-607","post","type-post","status-publish","format-standard","hentry","category-tech-talk","entry"],"_links":{"self":[{"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/posts\/607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=607"}],"version-history":[{"count":99,"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/posts\/607\/revisions"}],"predecessor-version":[{"id":772,"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/posts\/607\/revisions\/772"}],"wp:attachment":[{"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monash-med74.dyndns.org\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=607"}],"curies":[{"na
me":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}