1. Blog
  2. Cybersecurity
  3. “Passwordless” authentication

“Passwordless” authentication

The world has changed. Digitisation in companies is no longer restricted to the CRM or ERP system. Today’s companies are on a fast-moving digital highway and are using a wide range of applications, increasingly in the cloud. However, the ‘cloud’ does not take away the security risks. Companies remain responsible for a large share. Access to the cloud applications for example. More than 80 percent of all cloud breaches are caused by weak or stolen passwords or by misuse of login data. It is therefore crucial for companies to have a good login strategy. Are passwords outdated?

History of the password

Passwords have been around for centuries. The Romans used passwords to protect access to their camps. In the war they not only used a password, but also a “counter password”; for example, during the first days of the liberation in Normandy soldiers used a kind of challenge – response system whereby the password ‘flash’ had to be answered by ‘thunder’. If the correct answer could not be given, they knew it was the enemy. These combinations were changed every 3 days to stop them falling into the wrong hands.

Computer passwords have also been around for a while. Fernando Corbató is considered as the inventor of the computer password. In 1960 he introduced the idea to put a password on the Compatible Time-Sharing System (CTSS) of the Technological Institute of Massachusetts (MIT). Primarily not just to protect data, but also to limit the time slot of users; computer time was valuable and restricted at the time.

Are passwords still safe?

Methods for retrieving and breaking passwords have been around since the creation of passwords. In the early years of the computer password, this was limited to guessing simple passwords or watching on the keyboard while it was being entered. Today this is somewhat different. We do everything online nowadays; from social media, watching TV/movies, listening to music, booking a hotel or taxi, to switching on the heating, performing bank transactions, storing personal or company data. We protect all these services with a series of letters, symbols and/or numbers, often with a simple word that we can easily remember to make it easy on ourselves. Passwords such as “Password123*” or “Winter2019” are still being used all too often.

A top 3 password hack method today is Password Spraying. The principle is simple, an attack on a huge number of accounts with an obvious password. By attacking a large number of accounts, the chances of success are real and often security systems and password policies are not alerted because the number of login attempts per account is very low. Phishing also belongs in this list. Phishing is when people try to get hold of your data with all kinds of credible messages.

Can it be safer?

More and more systems can be secured with other methods than the known password that consists of letters and numbers. Multi-factor authentication (MFA) requires you to authenticate with a second factor in addition to your normal password, i.e. answering a phone call, a PIN code that you receive via SMS or a “push notification” via an app on your smartphone. This principle is based on ‘Something you know’ (your password) and ‘Something you have’ (your smartphone/ mobile number).

Nowadays, everyone should at least secure their login data with an MFA solution, but despite the fact that this is already more secure, this system still works in combination with traditional passwords or PIN codes and that remains the weak link in the authentication process.

A future without passwords?

Passwordless goes a step further and can make the authentication process happen entirely without the traditional password. By using biometric data such as facial recognition or fingerprints, unique personal characteristics can be used to access a system. Passwordless authentication requires a unique combination of a device (Something you have) and your biometric data (Something you are) to gain access.

In addition to well-known applications such as gaining access to a smartphone or tablet, desktop computer systems and cloud and internet services are also increasingly being equipped with the possibility of passwordless authentication.

Passwordless is, without a doubt, safer than a password, but it is also easier to use, faster and more efficient. Can we ban all passwords from our lives today? Absolute not, but we’re at the dawn of a new era where other methods will be used to identify ourselves. Biometric authentication is no longer science fiction, and is ready to enter into everyday life, both privately and in the workplace.

Want to know more about this topic? Contact us by sending an email to expert@orangecyberdefense.com.

Share the post