Moving away from passwords - PASSWORDLESS AUTHENTICATION
Technology | May 21, 2020
Are we talking about multi-factor authentication here? No, we are not. Multi-factor and Passwordless authentication are often confused. Multi-factor authentication is an additional layer that enhances security, while Passwordless is a highly secure authentication method integrated with technologies like biometrics, letting users authenticate faster without the hassle of remembering passwords.
The world is going through an epidemic, and with a large global workforce working from home, the cybersecurity threat is at its peak. Companies and CISOs are exploring ways to provide a secure work environment. Passwordless has been discussed and implemented among large enterprises for the last couple of years, and the time is right for mass adoption.
As our digital footprints grow day by day, maintaining passwords is itself a tedious job. To keep things easy, users reuse a single password across applications. With data breaches and hacks, this exposes users across platforms and places enterprises at risk. So a simpler, stronger, user-friendly authentication method is the need of the hour. Passwordless helps to accurately verify the user’s identity and eliminate the risk of compromised credentials.
Major techniques and practices followed include:
- Magic link login authentication
- Token-based login
- Time-based OTP (TOTP)
In 2015, the World Wide Web Consortium (W3C) and the FIDO (Fast Identity Online) Alliance announced WebAuthn as the open standard for password-free logins. In 2019, W3C declared the Web Authentication API (WebAuthn) the official web standard. Major players and contributors of W3C include enterprises like Apple, Google, and Microsoft, and they supported the introduction of WebAuthn.
HOW IT WORKS
The implementation will allow users to authenticate using biometrics, mobile devices, and FIDO security keys. FIDO2, the newest set of specifications from the FIDO Alliance, enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. It addresses the issues of traditional authentication by:
- Keeping the credentials on the user’s device instead of storing them on the server.
- Allowing users to authenticate with simple methods like biometrics, security keys, etc.
- Providing unique FIDO cryptographic keys for each internet site.
- Enabling a scalable integration model supporting all major browsers and platforms.
The top Passwordless authentication technologies ready for implementation are biometrics, behavioral analytics, zero-knowledge proofs, QR codes, and security keys.
- Better security: With users owning authentication on their side, Passwordless eliminates the security issues of stolen passwords and data breaches.
- Seamless authentication: No more complex passwords to create and remember, and no more reset challenges. Use simple Passwordless authentication factors.
- Reduced cost: Managing passwords itself is a million-dollar investment. As password-reset requests rise, so do the expenses. Enterprises can enable Passwordless techniques to reclaim the time and expenses.
- Enhanced productivity and user experiences: Both employers and employees can forget the long support activities now in place for resetting passwords. Platforms can retain their users, as they will be able to engage hassle-free with their products.
Passwordless is one step closer to solving security on the web. Moving away from the hassles of the password is itself a major step. With stronger security and simple user login experiences, the demand for this technology is increasing. To be in the trusted network, enterprises need to adopt technology capabilities that help them keep up with the emerging challenges in security, privacy, and consent controls. With benefits like better security, reduced cost, digital transformation, and increased usability, Passwordless provides users with an enhanced and secure digital ecosystem.