Passwordless security is here

The challenge with usernames and passwords, as we all know, is that we have to make them, remember them, maintain them, change them, store them and sometimes even exchange them with others. Passwords are a pain, but we need them. So what can be done about this?

Since we have passwords for virtually anything we need access to, the average user has over 100 passwords. This means that there are potentially 100+ exposure points per user if the passwords were compromised.

Additionally, passwords are generally not under the user’s control because they are set on someone else’s system, like a service provider. The service provider then has the responsibility not to lose the user’s password.

History tells us that the service provider inevitably has a breach that exposes the user’s passwords. The hackers then use the passwords on the service provider’s site and on other sites, as the same password has often been reused across various sites.

Imagine a world where we don’t have to remember passwords

Imagine a world where we don’t have to remember the password, but we still secure access to what we want. We don’t have to change the password every time the company that provides us with the service gets breached. We don’t have to store a myriad of passwords and remember which one is used for which application or website.

Currently, passwords are a consistent support overhead for IT departments globally. It is estimated that between 5-15% of resources are used for problems related to password and credential management. Given that this function can be automated, this is a total waste of valuable resources.

Over the next five years, this is precisely the challenge that the major internet companies are working on so you and your users can access your system seamlessly but securely.

Biometrics used to be so prohibitively expensive that it was impossible to adopt fingerprint, facial recognition or any other biometric platform for authentication purposes, but the rise of the smartphone has changed that. Biometrics have become so pervasive that at least half of the world’s population has access to this technology. Yet we still use passwords… why?

The answer is simple: there has not been enough understanding, motivation and adoption to secure users with something better than passwords. The level of education and the language used by the people making the technology and the people consuming it are not aligned. If users demanded no passwords and suppliers and service providers heard this, they would have to provide a passwordless solution.

Let’s change to better security

Many developers and dev teams don’t know about authentication systems because the specification says to build a login system, and they don’t consider making the system passwordless. Someone has to be brave and make the leap so that we all start to move to passwordless.

If a user does not have a password, they can’t lose the password, they can’t forget the password, they will not share a password they don’t have, and they will not lock themselves out because of all the things users do.

It’s possible to go passwordless with free products, but as we all know, we need the skills and the assurance that free means free, and there are always people involved who need to build and support the systems. A paid-for solution is recommended, because replacing passwords is a critical function and organisations will require support and assurance that the passwordless system can be supported and maintained.

So how does this all work?

In simple terms, the industry replaces a password with a person or a device. Either you are the password, or the device you are using is the password together with something that identifies you to the device, so the device knows it is you that is using it.

There are many ways to do this, but without going into the technical details, which would be too detailed for this article, some smart people at GETIDEE, Microsoft, Google, MIT and other renowned technology entities have found a way to make your device authenticate you every time you need it to.

If developers adopt the theory of passwordless and users are given the option to use it, people will start adopting this form of authentication. Therefore, the whole system needs developers to adopt new methods of passwordless authentication.

This is what we already have:

  • If you are a Windows user, you can link your credentials to Windows Hello, a built-in system that lets users connect hardware that captures biometric authentication credentials and ties them to traditional credentials. Not quite passwordless as it’s based on an underlying password that could get compromised, but a step closer to obliterating the password.
  • If you use an iOS or Apple device, they figured out long ago that passwordless was the way to go, so the Apple team has also invested in building facial and fingerprint recognition into phones, tablets and laptops. Again, still linked to a PIN or password, but a stepping stone to eventually removing the password.

The future is here now. There is a way to have convenience and security at the same time.

Gerhard Conradie Co-Founder and Global Head of Solutions Architecture at Enhalo

Gerhard, Co-Founder and Global Head of Solutions Architecture, sees quality staff as the most important asset to any business, and believes that giving them the space to grow as much as they are willing and able to, motivates them to grow Enhalo as well.
