No one is happy with the prospect of clearing their cookies to solve an IT problem. Doing so means automatically losing access to every website and web application they use, and who can remember all those different passwords?
You made all these passwords different from each other, didn’t you?
On World Password Day on May 5, security experts and technology companies took the opportunity to update the industry on the initiatives they are taking to create a future without passwords. It can’t come soon enough.
The problem with passwords
Reused passwords have been the leading vector in cyber attacks over the past few years, according to the SpyCloud Annual Identification Report 2022. The report also notes a 64% password reuse rate for users with more than one password in the last year.
But how do you remember all these passwords? A NordPass study for 2021 shows that the most popular password for the year was “123456” and the fifth most popular was “password”.
It is clear that something has been broken in the world of passwords, and for a long time. And while multi-factor authentication has provided an extra layer of security for organizations, it also slows down productivity, causing workers to stop what they’re doing to enter a code or provide a fingerprint. The more inconvenient security measures are, the more likely users are to find a way around them. For example, users reuse passwords.
Move to discard passwords
“Completely eliminating passwords once sounded like a bold idea,” said Greg Stuecklin, vice president and general manager of North America at WSO2, which makes an identity server, among other solutions. “This is no longer the case, especially when you consider Verizon’s 2021 data breach investigation report.” He noted that vulnerabilities with credentials such as usernames and passwords account for more than 84% of all data breaches.
Stuecklin says there are easier and more efficient ways to authenticate users, including login alternatives such as Fast Identity Online 2.0 (FIDO2) or biometric data, security keys and plug-in verifiers.
Mark Rucci, CISO at Entrust, a digital security and data protection company, says mobile push tokens based on credentials and various forms of biometric data can create a smoother employee experience and a simpler, strong security infrastructure with a smaller attack surface for a wide range of threats.
“As cyberattacks become more complex and new technological talents become less and less, businesses are realizing that passwords are a headache not only for IT departments but also for employees. They are a curse in the life of every CISO.”
Apple, Google, Microsoft are expanding support for FIDO
In honor of World Password Day this week, a trio of technology giants pledged expanded support for FIDO. Apple, Google and Microsoft plan to speed up the availability of login without passwords, according to a statement issued by the FIDO Alliance. These three technology giants already support Alliance standards, but this week’s announcement adds two new features: allowing users to automatically access their FIDO login credentials or device passwords without having to re-register each account, and allowing users to use FIDO authentication on their mobile devices to access an application or website on a nearby device, regardless of the OS platform or browser they use. The new features will be available on Apple, Google and Microsoft platforms next year.
Google Secure Certification Director Sampat Srinivas said in a Google blog post that the company will implement password-free support for FIDO login standards in Android and Chrome.
On the Microsoft Tech Community website, Alex Simons, vice president of product management for the Identity and Network Access department, wrote that the company is introducing several new features, including password-free support for Windows 365, Azure Virtual Desktop and Virtual Desktop Infrastructure. These features are currently in preview with Windows 11 Insiders, according to Simons.
Windows Hello for Business Cloud Trust is a new deployment model that can remove previous public key infrastructure requirements and synchronize public keys between Azure Active Directory and local domain controllers. Microsoft Authenticator will now allow multiple accounts instead of just one, starting later this month on iOS devices, with Android to follow. In addition, Microsoft will add a temporary access pass to Azure AD next month. This is a time-limited password that allows organizations to use a temporary pass to set up new Windows devices instead of using a password.
These advances should mark a welcome change for users, both in businesses and among consumers, who are frustrated by trying to remember multiple passwords.
“On World Password Day, let’s commit to freeing users from passwords and instead giving them advanced alternatives that make it easier to always protect their and your data,” says Stuecklin.