Due to the pandemic, several companies opted for a hybrid work approach. Fifty-eight percent of the McKinsey survey respondents had the option to work remotely. Fifty-nine percent of the Gallup survey participants still want to continue with the setup. So, companies must continue to allow access from many different endpoints, and security can be a major boardroom concern. Can passwordless authentication be the answer to this situation? In this BizTech Magazine article, Phil Goldstein shares how this format is practical for companies.
How Passwordless Authentication Can Upgrade Security
Karen Scarfone, the principal consultant for Scarfone Cybersecurity, asserts that passwordless authentication can benefit companies. “It would be most helpful in those situations where passwords are at the greatest risk of compromise,” she explains.
Passwordless Authentication Benefits
For multi-factor authentication, employees usually type in the password first. Then they use a biometric, a token, or an individual passkey. Companies want to drop the password input stage from the MFA sequence entirely. Instead, they plan to add the passwordless authentication process to strengthen security.
Each user will have local credentials in the passwordless process. Usually, passcodes are stored in a central database, where cybercriminals can easily hack, steal, and reuse credentials for malicious purposes. In the passwordless authentication process, you authenticate on the device itself, proving physical access to it with local passcodes.
Necessity of MFA
Though you still need to use MFA for passwordless authentication, you will not be using just your own password. It could be “a mix of biometrics, cryptographic tokens and private/secret keys,” says the author.
Passwordless authentication is much safer than MFA. However, nothing is foolproof. “There are still ways it can potentially be compromised, like stealing a user’s device and physical credentials, but it’s orders of magnitude safer than just using a password,” Scarfone says.
Fast Identity Online (FIDO) Adoption
The authentication standard, FIDO, was created by the FIDO Alliance. This organization develops standards for identity-oriented interfaces. Interestingly, Apple implemented the alliance’s current standard, FIDO2, in its products. Furthermore, the standard allows you to use everyday mobile and desktop devices for authentication. Per the alliance, “The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).”
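The local-credential idea under "Passwordless Authentication Benefits" and the FIDO2 flow above can be modeled as a challenge-response exchange. The sketch below is an added example, not code from the article or the FIDO Alliance; `createAuthenticator`, `RelyingParty`, the `login.example` origin and the signed-message layout are assumptions and do not follow the real WebAuthn/CTAP wire format.

```javascript
// Simplified model of a FIDO2-style login (illustrative names and layout,
// not the WebAuthn/CTAP wire format). Runs on Node.js with no dependencies.
const crypto = require('node:crypto');

// Bytes that get signed: the origin, a separator, then the server's challenge.
const signedData = (origin, challenge) =>
  Buffer.concat([Buffer.from(origin, 'utf8'), Buffer.from([0]), challenge]);

// Device side: the private key is generated locally and is never exported.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge, origin) => crypto.sign('sha256', signedData(origin, challenge), privateKey),
  };
}

// Server side: the central database holds public keys only.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> PEM public key
    this.pending = new Map();    // user -> outstanding challenge
  }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // single use: a captured response cannot be replayed
    if (!challenge || !pem) return false;
    return crypto.verify('sha256', signedData(this.origin, challenge), pem, signature);
  }
}

// Constructed walk-through: a good login, a replay, and a look-alike origin.
function demo() {
  const rp = new RelyingParty('https://login.example');
  const device = createAuthenticator();
  rp.register('alice', device.publicKey);
  const sig = device.sign(rp.newChallenge('alice'), 'https://login.example');
  const ok = rp.verify('alice', sig);
  const replay = rp.verify('alice', sig); // challenge already consumed
  const phished = rp.verify('alice',
    device.sign(rp.newChallenge('alice'), 'https://login.example.evil.test'));
  return { ok, replay, phished, serverHoldsSecret: /PRIVATE/.test(rp.publicKeys.get('alice')) };
}
```

A dump of the server's `publicKeys` map gives an attacker nothing to log in with, which is the contrast with a central password database drawn above.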
To view the original article, please visit this link: https://www.techtarget.com/searchsecurity/definition/zero-trust-model-zero-trust-network