Passwordless Authentication Could Cure User Verification Ills

Easy-to-guess and mismanaged passwords are still at the heart of many security issues government agencies face, and it may be time they consider passwordless authentication.

Experts warn that adopting the technology can be expensive and may face resistance among employees who rely on traditional login options, but it may offer the most secure login alternative.

The idea of going passwordless, using either biometric scans of a person’s face or fingerprint or a physical token like a smart key or card to access IT systems, is nothing new. For years consultants have said that the technology is evolving in such a way to make passwords “obsolete.” But there is a renewed sense of urgency among many, especially those who see compromised and weak passwords as one of the major, ongoing vulnerabilities for public and private sector organizations.

Sam Rehman, chief information security officer at software company EPAM Systems, said organizations could “soft launch” passwordless identity management, much like they did with transitioning users to multifactor authentication, even as some “kick and scream” about it, he said.

The move to passwordless, as with the shift to MFA, should be viewed as an ongoing “journey” or “movement” to protect users’ identities and to keep organizations secure, Rehman said, Given the intensifying cybersecurity threats, he said passwordless authentication is not a “silver bullet” but can help make security more “robust” for at least the next decade.

Read the full article here.

Discover how to ensure operational resilience against evolving cybersecurity threats: https://www.epam.com/services/cybersecurity