Why passwordless is not always passwordless

2021-05-20 05:30

With passwordless authentication, users are presented with one or multiple methods of signing into an application or device without the need to enter a password.

With these emerging passwordless authentication solutions, passwords are frequently the fallback or fail-safe if the system denies access to a valid user.

In large organizations, it's almost impossible not to have systems or applications that require a password for authentication.

Organizations must carefully evaluate passwordless systems as they strive to improve security and understand that passwords are often still a factor.

With these challenges, a better strategy for organizations is to adopt a hybrid approach to authentication where passwordless is judiciously introduced to reduce user friction and increase security, while still diligently pursuing techniques and practices that strengthen the passwords, which will invariably continue to underlie these "Passwordless" solutions for some time to come.

Remember, the problem with passwords is down to poor password policy adopted by organizations coupled with user behavior rather than the actual password.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/9cth5L6Ry90/

#passwordless