Password-less Authentication : Explained

Password-less Authentication : Explained

Share via :

Ever noticed the term 2-Factor Authentication. Wonder if you should use it while logging into Facebook, WhatsApp or Instagram ? or Why Apple and Google are encouraging us to prefer options like “Sign in with Apple” or “Sign in with Google”. Well, however unimportant it may sound now, the truth is we already have started our path towards Password-less Future.

While Internet has brought us together, it has also lead to mega data breaches both at individual and organisation levels. With increased traffic on the internet, the risk of data breach increases significantly. While the 2017 Verizon Data Breach Investigation Report tells us that 81% of the hacking related breaches are related to either stolen or weak passwords. The year 2020 is what many security authentication advocates consider as a potential turning point.

Types of Authentication ( MFA/2FA)

  • Type 1 – Something You Have – Includes all the physical possessions, like : keys, smartphones, USB drives, ATM Cards, etc.
  • Type 2 – Something You Know – Includes anything that you can remember and then type, like : passwords, PINs, etc.
  • Type 3 – Something You Are – Includes parts of the human body that can be used for verification, like : fingerprints, facial recognition, voice recognition, etc.

When we use any two or all the three factors from the above mentioned categories for authentication, it is termed as a MFA (Multi-factor authentication). MFA, is also referred to as 2FA ( Two-factor authentication).

MFA/ 2FA helps to add an extra layer of protection in securing our data including passwords. Withdrawing money through an ATM is a perfect example of MFA. We use a physical ATM card ( Something You Have), then enter a PIN ( Something You Know ) to verify and then withdraw our money.

What is FIDO Alliance ?

All the big organisations are already aware of the challenges passwords come with. Therefore, they have been making significant progressions to change this. FIDO ( Fast Identity Online Authentication ) has turned out to be the best bet for the future leading to password-less authentication.

FIDO, launched in February 2013, is an open industry association. Aimed at developing and promoting authentication standards, it helps to reduce our dependence on passwords. FIDO supports a wide range of technologies including biometrics and various communication standards such as NFC (Near Field Communication).

The main problem with usual authentication methods is that the passwords that we use are stored on a remote server. A hacker can get easy access to this server through Dark Web and get hold of all the important user information. FIDO, on the other hand stores all the data on the device itself, adding an extra layer of security for the sensitive data you may have on your device.

From fingerprints to the facial recognition data, to even login credentials, all comply with FIDO’s authentication standards.

iClarified

While more and more organisations start realising that passwords are a liability, many already have started the transition to password-less authentication. Microsoft and Google already support password-less standards FIDO2. Apple too has cleared its intention to support FIDO2 for Safari, starting this year.

Other companies using FIDO standards include eBay, PayPal, Facebook, Twitter and even the major banks like Barclays and Bank of America.

The Challenges

An average person uses around 40-100 username and password combinations. With so many passwords to remember, many-of-us end up using the same password over and over. As a result, majority of the password are either weak or re-used – a very bad practice which directly makes one vulnerable to data breaches and instances of stolen intellectual property.

The main challenge in establishing password-less authentication is creating digital identity – something that proves the person is who he/she say they are. Serving as a basis for trust wherever that user go in the digital world. Example : biometrics serves as our digital identity.

Kaseya

Getting access to information leaked in a data breach has become as simple as a Google search. Sites like weleakinfo.com contain data from more than 10,000 data breaches worldwide. Once stolen , credentials can be sold online for hackers to use them and access valuable information. The 2019 Verizon Data Breach Investigation Report tells 32% of all breaches involved phishing tactics while 33% included social engineering attacks which deceive human users.

Reduced Costs

Moving to password-less authentication not only helps to increase security at every level, it also has major economic benefits for companies. On an average, a call to a corporate help desk for a password reset, costs anywhere between $30- $40. While the top corporates, including Microsoft and Apple outsource their call operations to various South-East Asian countries including India for cheaper labour. Still these corporates have to spend a significant amount of money in outsourcing, considering their huge user-base.

Security Intelligence

Using password-less authentication can directly cut down these outsourcing costs in addition to better security for users. Simple math says, more the user base , more the cost cutting. That’s why we see companies like Google, Microsoft and Amazon adopting 2FA for password resets, rather than handling the requests through calls.

Conclusion

While organisations try to reduce our dependence on passwords, the core challenge that still remains is to change the user- behaviour. Urging people to understand and move to a newer form of authentication technology. Such transitions which heavily depend on user-adaptation usually can take a lot of time to be implemented broadly and completely .

With the year 2020, the term Safety already has received new definitions and meanings. Hoping that with the adaptation of Password-less authentication , safety for humans in the cyberspace too increases. So that people can explore both the physical and cyber worlds without the fear of getting trapped.

That’s all from my side in today’s edition of updated.tech. Follow Updated at all the social platforms to be informed whenever a new article drops in. Until next time, stay safe, stay engaged and stay Updated. See you in the next one.


Share via :

vipulgupta

Hi! I’m Vipul Gupta, an aspiring blogger with an obsession for all things tech. This blog is dedicated to help people learn about the latest in technology.

Leave a Reply