Security News
Password security remains highly relevant even as cybersecurity strategies move toward a passwordless future. Of the 100 Black Hat USA 2023 attendees Delinea polled, 54% said passwordless is a viable concept, while 79% agreed that passwords are evolving or becoming obsolete.
GitHub announced today the introduction of passwordless authentication support in public beta, allowing users to upgrade from security keys to passkeys. To activate passkeys on your account, click your profile photo in the top-right corner of any GitHub page.
Many organizations agree in theory that passwordless authentication is the future, but getting there represents a significant change management challenge. One way to accomplish this is by communicating the benefits of passwordless authentication to stakeholders with use cases that illustrate how the friction they currently experience in their day-to-day workflows will be eliminated.
Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. With passkeys, users sign in by simply unlocking their computer or mobile device with their biometrics or a local PIN. "And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes," Google noted.
"We've begun rolling out support for passkeys across Google Accounts on all major platforms. This means users can now take advantage of passkeys across Google Services for a passwordless sign-in experience," said Google product managers Christiaan Brand and Sriram Karra. For now, passkeys will be just another Google sign-in option, so that you have a fallback method and can log in using a password when you don't have access to your device or if it doesn't support passkeys.
Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to using new technology that simplifies their lives, according to 1Password. Passkeys, the newest and most secure passwordless technology, are poised to do just that, transforming our online lives by making logging in simpler to navigate and far more secure.
Most organizations put the burden on their users to mitigate the risks associated with password use: they require their employees or customers to create longer/stronger passwords and force frequent password changes. To be clear, there is no such thing as a "secure password." Adversaries use social engineering techniques to trick users into handing over their passwords or deploy malware to steal them.
There are a variety of roadblocks associated with moving to passwordless authentication. End users push back when you ask them to abandon the familiar password-based login page, while app owners resist changing their apps to support passwordless flows.
In this Help Net Security video, Jason Kent, Director at Open Seas, explains why FIDO and passwordless authentication are the future. He dives deep into the technical reasons and explains why physical FIDO authentication is safer than other software/app/SMS solutions.
Secret Double Octopus and Dimensional Research surveyed over 300 IT professionals with responsibility for workforce identities and their security at organizations with more than 1,000 employees, to learn more about the different methods to secure employee identities, the state of workforce passwordless authentication and multi-factor authentication usage. This Help Net Security video showcases how next-gen passwordless solutions have the potential to deliver stronger security outcomes than existing MFA or traditional passwordless approaches.