Security News
How passwordless authentication can benefit organizations of every size, not just enterprises. The technical requirements for Duo's Passwordless solution, and what use cases are supported.
There are a variety of roadblocks associated with moving to passwordless authentication. Further, the app owners will often resist changing them to support passwordless flows.
In this video for Help Net Security, Christofer Hoff, Chief Secure Technology Officer at LastPass, talks about the benefits of passwordless authentication. To enable all the various components to work together across devices, operating systems, browsers and applications.
Overwhelmingly, the desire was clear to adopt more secure and convenient methods of passwordless authentication. "A passwordless future means data breaches and identity fraud are far less likely, and the productivity and experiences of customers and employees are drastically improved. It's reassuring to see IT leaders across the globe aligned on a future where passwords are replaced by simple, easy, and more secure authentication."
At WWDC 2022, Apple has announced and previewed iOS 16 and iPad OS 16, macOS 13, watchOS 9, their new M2 chips, new MacBook Air and Pro, as well as new tools, technologies, and APIs for developers focusing on Apple's platforms. Apple extends passwordless authentication with passkeys.
Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and TXT messages. A case study penned by staff from Yahoo Japan and Google's developer team, explains that the company started work on passwordless initiatives in 2015 but now plans to go all-in because half of its users employ the same password on six or more sites.
"This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single password," Google said.The new Fast IDentity Online sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application.
Today, Microsoft, Apple, and Google announced plans to support a common passwordless sign-in standard developed by the World Wide Web Consortium and the FIDO Alliance. "These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords," added Microsoft Identity Division Vice President Alex Simons.
World Password Day will be recognized on May 5 this year - but isn't it time to rebrand it to something more suitable for the future? We now have the technology to replace passwords with stronger, more convenient methods of authentication. Passwords are familiar to many, and it will take time for people to get used to the idea of a truly passwordless environment.
How is passwordless the solution to this issue and can we say its implementation is gaining momentum? From a security perspective, not entering a password means it's harder for a bad actor to steal credentials as it's not resident in memory, nor is it written down on a yellow sticky note.