Security News
How is passwordless the solution to this issue and can we say its implementation is gaining momentum? From a security perspective, not entering a password means it's harder for a bad actor to steal credentials as it's not resident in memory, nor is it written down on a yellow sticky note.
An identity and access management research report from Enterprise Strategy Group, finds organizations, frustrated with poor user experience and weak security, are moving towards adopting passwordless, continuous authentication. The impact of adopting passwordless authentication 40% of organizations using multi-factor authentication for customers make it optional.
38% of respondents said forgetting passwords annoyed them the most, 39% said password that had specific requirements and a further 38% said CAPTCHA tests were the most irritating part of logins. A further 27% said security questions were annoying and 20% said the same about MFA. The culprit: Account creation fatigue and forgotten passwords.
You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.
The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice until The Register told officials what was happening.
The fundamental flaw is that passwords are a "Shared secret." This means that both sides of the exchange are in on the secret and have it stored. Passwords become the proxy identifier for the users, and users often choose passwords that relate to something in their lives, including names and important dates, to make them easier to remember.
Using survey responses the cost of economic efficiencies from the use of passwordless technologies was calculated and suggests cost savings of $1.9M over conventional password-based MFA. "Enterprises continue to feel threatened in the pandemic with many feeling targeted, and this along with remote work and associated loss of productivity from password problems is driving increased adoption of passwordless technologies," said Dr Larry Ponemon. Organizations with passwordless authentication have significantly lower help desk calls pertaining to passwords.
Stanley Black & Decker has been working with TrueU since 2018, and the passwordless protection they offered "Sounded too good to be true," said Rhonda Gass, VP and chief information officer. Passwordless security is on the rise-check out our previous reporting on other companies offering tools to move us toward a passwordless future-and will likely include a mix of multifactor authentication like biometric verification, and passive signals that may ask a user for additional verification.
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. Users are able to switch on the feature by visiting their Microsoft account's Advanced Security Options, then Additional Security.
The company first allowed commercial customers to rollout passwordless authentication in their environments in March after a breakthrough year in 2020 when Microsoft reported that over 150 million users were logging into their Azure Active Directory and Microsoft accounts without using a password.Instead, they can choose between the Microsoft Authenticator app, Windows Hello, a security key, or phone/email verification codes to log into Microsoft Edge or Microsoft 365 apps and services.