Security News
"This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single password," Google said.The new Fast IDentity Online sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application.
Today, Microsoft, Apple, and Google announced plans to support a common passwordless sign-in standard developed by the World Wide Web Consortium and the FIDO Alliance. "These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords," added Microsoft Identity Division Vice President Alex Simons.
World Password Day will be recognized on May 5 this year - but isn't it time to rebrand it to something more suitable for the future? We now have the technology to replace passwords with stronger, more convenient methods of authentication. Passwords are familiar to many, and it will take time for people to get used to the idea of a truly passwordless environment.
How is passwordless the solution to this issue and can we say its implementation is gaining momentum? From a security perspective, not entering a password means it's harder for a bad actor to steal credentials as it's not resident in memory, nor is it written down on a yellow sticky note.
An identity and access management research report from Enterprise Strategy Group, finds organizations, frustrated with poor user experience and weak security, are moving towards adopting passwordless, continuous authentication. The impact of adopting passwordless authentication 40% of organizations using multi-factor authentication for customers make it optional.
38% of respondents said forgetting passwords annoyed them the most, 39% said password that had specific requirements and a further 38% said CAPTCHA tests were the most irritating part of logins. A further 27% said security questions were annoying and 20% said the same about MFA. The culprit: Account creation fatigue and forgotten passwords.
You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.
The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice until The Register told officials what was happening.
The fundamental flaw is that passwords are a "Shared secret." This means that both sides of the exchange are in on the secret and have it stored. Passwords become the proxy identifier for the users, and users often choose passwords that relate to something in their lives, including names and important dates, to make them easier to remember.
Using survey responses the cost of economic efficiencies from the use of passwordless technologies was calculated and suggests cost savings of $1.9M over conventional password-based MFA. "Enterprises continue to feel threatened in the pandemic with many feeling targeted, and this along with remote work and associated loss of productivity from password problems is driving increased adoption of passwordless technologies," said Dr Larry Ponemon. Organizations with passwordless authentication have significantly lower help desk calls pertaining to passwords.