Security News > 2023 > April > Why it’s time to move towards a passwordless future

Most organizations put the burden on their users to mitigate the risks associated with password use: they require their employees or customers to create longer/stronger passwords and force frequent password changes.

To be clear, there is no such thing as a "Secure password." Adversaries use social engineering techniques to trick users into handing over their password or deploy malware to steal them.

Malware is equally able to steal a three-character password or a three-thousand character passwords.

The same login flow is there, the only difference is that that password comes from the password manager versus the user typing.

Password managers protect the password database with - you guessed it - a password! If an attacker is able to steal this main password, they have access to all your passwords.

One-time passwords sent over email or SMS and magic links are easily phished, and push notifications are subject to social engineering tactics such as "Prompt bombing" attacks where the adversaries send multiple requests to the users who suffer from "Push fatigue".

News URL

https://www.helpnetsecurity.com/2023/04/11/move-towards-passwordless-future/