What’s Prompting Experts to Predict the Demise of Passwords?
You’ve heard it before. Cybersecurity experts have anticipated the end of passwords for almost as long as passwords have been around. But this time, especially as most organizations move to two-factor authentication, which is an intermediate step to passwordless security, the end really does seem near. Meanwhile, tech giants Google, Apple and Microsoft recently announced efforts to support passwordless sign-in standards set by the FIDO Alliance and the World Wide Web Consortium. That could give passwords a final shove out the door.
Why is Password-Only Authentication a Security Risk?
Qwerty. 12345. Password. Many people aren’t good at coming up with strong passwords, and even more may reuse passwords for multiple services. Hackers can crack passwords through brute force. But the biggest risk with password-only authentication is single-factor authentication. Two-factor authentication resolves this with a second layer of defense, forcing users to confirm both something they know (a password) and something they have (a cellphone).
Click the banner to unlock exclusive security content when you register as an Insider.
How Does Password Spraying Work?
Attackers repeatedly attempt to compromise password-only accounts, especially internet-exposed services. They’ll use a list of common usernames and passwords in hopes of finding a match. Then they will “hope and spray” millions of passwords to try to find one that works.
How Can an Organization Start to Prepare for a Passwordless World?
Start by putting two-factor authentication in place. That will require you to set up the necessary infrastructures and learn more about passwordless authentication. You can also learn about industry-standard services such as the trusted platform module and FIDO, which offer strategies for replacing passwords.
DISCOVER: Find out 3 important considerations for Using Multifactor Authentication.
What is a Passkey and How Does It Work?
A passkey is typically a PIN that’s part of public-private key cryptography. It’s a private key that unlocks an account secured by a public key. A public key cryptographically linked to the private key is then verified, providing secure, passwordless authentication.
What do businesses need to know about single sign-on solutions? Find out at biztechmag.com/SSO.
