Security News
You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.
The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice until The Register told officials what was happening.
The fundamental flaw is that passwords are a "Shared secret." This means that both sides of the exchange are in on the secret and have it stored. Passwords become the proxy identifier for the users, and users often choose passwords that relate to something in their lives, including names and important dates, to make them easier to remember.
Using survey responses the cost of economic efficiencies from the use of passwordless technologies was calculated and suggests cost savings of $1.9M over conventional password-based MFA. "Enterprises continue to feel threatened in the pandemic with many feeling targeted, and this along with remote work and associated loss of productivity from password problems is driving increased adoption of passwordless technologies," said Dr Larry Ponemon. Organizations with passwordless authentication have significantly lower help desk calls pertaining to passwords.
Stanley Black & Decker has been working with TrueU since 2018, and the passwordless protection they offered "Sounded too good to be true," said Rhonda Gass, VP and chief information officer. Passwordless security is on the rise-check out our previous reporting on other companies offering tools to move us toward a passwordless future-and will likely include a mix of multifactor authentication like biometric verification, and passive signals that may ask a user for additional verification.
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. Users are able to switch on the feature by visiting their Microsoft account's Advanced Security Options, then Additional Security.
The company first allowed commercial customers to rollout passwordless authentication in their environments in March after a breakthrough year in 2020 when Microsoft reported that over 150 million users were logging into their Azure Active Directory and Microsoft accounts without using a password.Instead, they can choose between the Microsoft Authenticator app, Windows Hello, a security key, or phone/email verification codes to log into Microsoft Edge or Microsoft 365 apps and services.
We've known for some time that passwords are nearing the end of their usefulness, and a passwordless future is often discussed despite the fact that passwords continue to be the standard. With all of us still using passwords in our daily lives it's hard to see passwordless security as a readily available technology, but it is.
As companies nudge their staff to return to communal workspaces, many workers don't actually want to - more than 50 percent of employees would rather quit, according to research by EY. While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft - how to make the new normal of the hybrid workplace secure. In a hybrid workplace, a Zero Trust strategy means ever-tightening security.
As companies nudge their staff to return to communal workspaces, many workers don't actually want to - more than 50 percent of employees would rather quit, according to research by EY. While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft - how to make the new normal of the hybrid workplace secure. In a hybrid workplace, a Zero Trust strategy means ever-tightening security.