A Passwordless Future
Using passwords is like carrying a large set of keys everywhere you go. The keys get you through doors, but if you lose them, not only are you stuck, somebody else might be able to use them to visit places they shouldn’t. When a system is this inefficient, a change is necessary. The same is true of passwords, which, as a security contract, often give a false sense of security. A study found that two in three respondents will forget their passwords unless they record them, which is a big part of the problem: a password recorded in multiple forms is more likely to be stolen. Likewise, more than half of Americans perform at least five password resets each month, taking 10 minutes each time. Password resets are also a key tool for attackers to break into systems, and because resets are used so often, it’s difficult for defenders to spot anomalies.
Furthermore, as people continue to shop, work, and interact online, their passwords – and by extension, the private information they protect – are becoming more vulnerable to bad actors. Given all of the problems with passwords, it is reasonable to ask: is a passwordless future possible, and what would it take to achieve it?
Passwordless and Zero Trust
In the past, ring-fencing, or the process of limiting interactions between applications and their access to the internet, was the go-to strategy for cybersecurity. However, ring-fencing no longer holds the fort, and zero trust has begun to take center stage. As zero trust matures, the public continues to recognize that it is not a single product but a concept encompassing advanced technology solutions, processes, and policies. Some of the main principles of zero trust include risk detection and evaluating authentication in the context of the user’s transaction (what they accessed, where, when, etc.), often called recertification.
Another chief pillar of zero trust is verifying identity frequently, and a fundamental aspect of securing one’s identity is strong authentication. One of the primary reasons going passwordless continues to gain momentum is the push for robust authentication, as it is a fundamental component of identifying the user. Many are now aware of the brokenness of passwords, since they do not comply with the authentication principles of zero trust. Similarly, anything the password holder knows or remembers, a bad actor can socially engineer out of them through phishing, phone scams, or some other malicious method.
Learn how to reduce your attack surface and blast radius by implementing zero trust: https://www.epam.com/services/cybersecurity/zero-trust-implementation