This year’s World Password Day reminded us that companies around the world need to consider the strength of their authentication practices. Passwords at login are no longer the only option for securing access to systems, applications and devices; in fact, they haven’t been for some time. Despite their inherent weaknesses, passwords are tolerated because they can be used anytime, anywhere, on any device. To ensure better protection and an improved user experience, and to realize a password-free future, new global authentication standards implemented extensively by all major OS and browser vendors will be adopted.
The passwordless future requires a lot of work from different players in the industry, but going passwordless is becoming a top priority for businesses. In fact, Gartner predicts that 60% of large, global enterprises will have no passwords in more than half of their use cases by 2022. This rises to 90% for medium-sized businesses. This shows that going passwordless is a top priority, but is your organization really ready?
Larger attack surface
The biggest reason to introduce multi-factor authentication (MFA) is security, and the rise in hybrid work environments last year has contributed to this. In fact, nearly half (49%) of people surveyed in a recent survey said they are likely to increase their use of 2FA/MFA for security reasons.
As more devices access systems and applications from more locations, enterprise IT assets grow and potential attack surfaces expand. Enterprises are well aware of the impact this has on risk, but passwords were causing problems before remote work accelerated. This expanding attack surface also draws attention to the need for enterprises to protect all users, not just privileged users. Breaches prove over and over again that a low-level employee becoming an adversary’s point of entry can leave an organization vulnerable.
Phishing, credential stuffing, and other cyber threats have posed a high risk of enterprise data breaches for years. By making passwords the only key to the kingdom, businesses face the consequences when those passwords are compromised.
Ease of use element
Nevertheless, the password will survive. The clue as to why is in user behavior. There are security reasons to use strong two-factor authentication (2FA), but it must also be convenient for large numbers of users. Mobile-based authenticators and SMS-based MFA are among the most widely adopted MFA technologies, but they depend on the user’s mobile phone having reception and on the one-time code being copied exactly. The inconvenience of SMS codes and “copy and paste” one-time passcodes has proven to be a barrier to adoption.
This represents a potential usability issue for organizations currently planning or deploying MFA solutions.
Nevertheless, reducing password reliance is a step forward. Adding something the user knows (such as the answer to a question) or something they have (such as a one-time password, or OTP) enhances security, but these measures do not eliminate all risks. Memorable words and answers can be phished just like passwords, and OTPs sent by SMS can be vulnerable to “SIM swap” scams. Even mobile push apps can be phished.
Additional factors can come from who the person is (biometric identifiers such as fingerprints and facial features) or what the person has, such as hardware-based security keys. These additional factors make it much more difficult for an attacker to bypass authentication remotely. Recent developments have made it easier for enterprises to adopt and implement MFA, and security standards such as FIDO2 and WebAuthn are already supported on major OS platforms and browsers (the technology stack needed to reduce password reliance at this scale).
The open authentication standard, FIDO2, is an extension of FIDO U2F that offers the same level of security based on public key cryptography and a highly phishing-resistant protocol. WebAuthn is a core component of FIDO2 and the first globally recognized standard for web authentication. Together, they promote the cause of MFA through accessible integration.
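The following added example (not part of the original article) sketches the relying-party checks behind that phishing resistance: the assertion is signed with the registered key and is bound to the server's challenge, the browser-reported origin and the RP ID. The host names, helper names and the simulated authenticator are assumptions made for the demonstration, and attestation, signature-counter and user-verification checks are left out.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Relying-party check of a WebAuthn assertion against the values the server expects.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, expected) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge) return 'bad-challenge';
  // The browser writes the origin, so a look-alike site cannot claim the real one.
  if (client.origin !== expected.origin) return 'bad-origin';
  // authenticatorData: bytes 0-31 are SHA-256(rpId), byte 32 holds the flags.
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad-rpid';
  if ((authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, signature) ? 'ok' : 'bad-signature';
}

// Constructed stand-in for the browser plus security key (demo only).
function makeAssertion(privateKey, origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  // Flags 0x01 = user present, followed by a 4-byte signature counter of zero.
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const challenge = crypto.randomBytes(32).toString('base64url');
  const expected = { origin: 'https://login.example.com', rpId: 'example.com', challenge, publicKey };
  const genuine = makeAssertion(privateKey, expected.origin, expected.rpId, challenge);
  // Same key, but the assertion was produced on a different origin.
  const wrongSite = makeAssertion(privateKey, 'https://login.example.net', 'example.net', challenge);
  // Genuine-looking fields paired with the other signature: verification must fail.
  const rewritten = { ...genuine, signature: wrongSite.signature };
  const stale = makeAssertion(privateKey, expected.origin, expected.rpId, 'old-challenge');
  return {
    genuine: verifyAssertion(genuine, expected),
    wrongSite: verifyAssertion(wrongSite, expected),
    rewritten: verifyAssertion(rewritten, expected),
    stale: verifyAssertion(stale, expected),
  };
}

console.log(demo());
```

Unlike a password or OTP, nothing the user can type or read aloud satisfies these checks, which is why a credential captured on one site is useless on another.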
The road to stronger authentication
Companies looking at where to start should consider a hybrid approach to passwordless authentication. This does not mean that all current infrastructure needs to be overhauled. This is especially important because so many enterprise infrastructures consist of a mixture of legacy on-premises systems and private or public cloud-hosted services.
A hardware-based security key that supports multiple authentication protocols can provide a bridge to this passwordless journey. Administrators can allow self-service registration. The security key can also be pre-registered with the user before being distributed to remote workers. Employees are more likely to adopt a new security approach that is easy to use and ready to use out of the box without having to install a variety of additional software and apps. In addition, self-service and self-recovery options can be easily enabled, reducing the demand for IT support.
While there are promising signs that businesses are taking a step towards a passwordless future, there is still much to do. World Password Day reminds us that the use of passwords is widespread and still causes problems in the ongoing fight against cyber threats. Companies investing in passwordless technology need to consider ease of use, compatibility, and ease of implementation in addition to security when making choices. With the right approach, strong MFA can better protect corporate networks and systems and provide users with a smooth authentication experience. Perhaps one day we’ll call it World Passwordless Day …