The Latest Wave Of Technology Vendors Implementing A Passwordless Solution – Latest Hacking News

Password management has always been a challenge for businesses, and it’s a major responsibility for ordinary users who deal with hundreds of passwords in their digital lives every day. The idea ofa Globaldot’s passwordless authentication solution The future sounds like music to everyone’s ears, doesn’t it? Of course. But before we start going 100% passwordless, let’s demystify what big tech companies want to bring.

Big Tech wants to make passwordless login available to the masses this year

“In a joint effort to make the web safer and more useful for everyone, Apple, Google and Microsoft have announced plans to expand support for a common passwordless login standard being developed by the FIDO Alliance and the World Wide Web Consortium.

That’s good news. In recent years we’ve seen Google and Microsoft talk about passwordless logins, and indeed Google and Microsoft have already implemented similar services. However, this is one of the first times that all three have openly embraced the idea of ​​using a unified standard.

Internet security has become a very important issue, especially in the world of technology. And as password crackers have taken the world by storm, big tech companies are looking for better ways to protect your web data. This is where the idea behind passwordless login came from. Rather than relying on a password or authentication code, the system relies on a specific device to give you access to your accounts.

It’s safer because bad players on the internet can’t steal your password. However, there is always a risk of losing access to your device.

What does “passwordless” mean?

Many mobile applications offer an optional fingerprint login; if you accept, log in with passwordless authentication. If you have Windows Hello enabled on your laptop, you might find it handy to use facial recognition to sign in, right? This is passwordless authentication. As long as an alternative login method does not require a password, a passwordless method is used.

However, there are a few interesting observations about this concept:

  • The absence of a password does not necessarily mean that the password will be removed, but that a passwordless user experience will be offered. If your alternative authentication method (e.g. face recognition) fails, the password is usually still there.
  • The passwordless methods used on the phone and the laptop are not interoperable. If you log in to your mobile banking application with your fingerprint and now need to access it from your computer, you will need to enter your password.

The reality is that passwords aren’t going away anytime soon. Websites, streaming subscriptions, laptops, bank cards, and bank websites all use passwords, each with different requirements, such as: B. length or a certain character combination.

“Passwordless Authentication”: a step towards a safer future?

As organizations increasingly adopt cloud strategies, traditional authentication methods may not provide the security required. Threat actors already know that many people reuse passwords, and security teams constantly battle the uphill battle of password hygiene.

Although passwords have a long history of use, best practices have evolved. Read on for our breakdown of the history of password strategies and what was accomplished at each milestone.

The Birth of Passwords

In the early days of computing, passwords were primarily used to grant access to internal network systems. Teams used to sit behind closed doors because they took up an entire room. Passwords were used to control people’s time via the central computer, but the key to the room was the authentication process itself.

The development of the authentication process

As desktops became the norm for business processes, passwords and authentication had to evolve. Back then, passwords provided access to both a physical device and internal organizational networks. This is because the computers were still physically connected to the local area network (LAN) via an Ethernet cable. Without a wireless connection or the ability to access the LAN from the outside, password authentication on the device acted as a secure connection.

The internet (and the cloud) is changing everything

In recent years, wireless connectivity and cloud adoption have changed everything about passwords. Passwords and authentication have created new attack vectors for threat actors. With a password, they could access company resources from anywhere in the world.

Password strategies are becoming increasingly complex. Organizations must now establish and enforce policies on:

  • password length
  • A combination of uppercase and lowercase letters
  • the use of numbers
  • The use of special characters
  • Password rotation periods

With these new requirements, many people used easy-to-remember passwords and often used the same password in multiple places. By doing so, they subverted the purpose of password policies and gave attackers the ability to steal credentials or engage in dictionary attacks.

In an attempt to mitigate these new risks, organizations have begun to adopt them Multifactor authentication (MFA), which requires users to use a combination of two or more of the following:

  • Something they know (a password)
  • Something they have (a token or a smartphone)
  • Something about you (biometrics)

Unfortunately, malicious actors can still find ways to bypass these controls. For example, they often use social engineering attacks to intercept, impersonate, and forge text messages. Eventually, even the best security practices become problematic and inherently risky.

The step to password freedom

As threats evolve their strategies, organizations must keep pace and protect digital assets. Thus was born the move to the lack of passwords. While it’s easy not to confuse passwords with multifactor authentication, the latter is just one part of a passwordless strategy. Passwordless authentication makes the “something you have” factor the primary way to authenticate in an environment.

Here are some examples of passwordless authentication strategies:

  • One Time Password (OTP)
  • Unique link sent via email
  • Persistent cookie
  • secret PIN
  • SMS or code generated by an application
  • Public Key Infrastructure (PKI) Personal Authentication Certificate
  • Biometric authentication

Conclusion:

Passwordless login is not a new idea; Hundreds of companies and service providers already offer standards compatible with billions of devices and browsers. It’s a notable move, however, given that Google, Apple, and Microsoft are the three (if not the) biggest tech companies out there. Therefore, bringing more support for FIDO passcode technology to your devices will be a big step for the standard.

These companies say that working with a standard sign-in method is critical to creating a secure alternative. This allows each device to offer users the same level of security. FIDO is also working to support more devices for its password systems, which is another important improvement.

As I mentioned before, Google has already been working on passwordless login. But to see these three tech companies embrace and accept the FIDO standard is good news for consumers worldwide.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *