Security: How “Passwordless” Authentication Increases Security

Security: How “Passwordless” Authentication Increases Security

Passwords are often not as secure as you might think, with 80% of today’s security breaches being attributed to the humble password.

Some of the issues with passwords

• Re-use of the same password across multiple logins
• Storing passwords in the browser
• Writing passwords on a piece of paper near a device
• Brute-force attacks, trying multiple combinations
• Key capture spyware/hardware

It’s pretty scary how fast passwords can be “cracked”

Click here to get an idea of how secure your password is. Common words and patterns are especially likely to be guessed:

Reusing passwords is a really bad idea

If you really want to scare yourself, you can check your own email against known “caches” of hacked data to see whether it might be time to change your passwords. Find out more here.

Taking things to the next level with quantum computing

A recent breakthrough in “quantum computing” has the potential to shake up the entire security landscape. It provides the ability to crack passwords and break strong cryptography in a fraction of the time required by even the most powerful of today’s computers. Find out more in this article by New Scientist.

“Biometric” logins as an alternative to passwords

Using your fingerprints or facial dimensions to unlock your phone or computer, for example. But this is not entirely fool proof, as this video of a 3d printed face being used to unlock popular models of phones demonstrates:

So how can organisations deploy secure authentication?

“Single Sign-On” (SSO) enables an administrator to manage user access to systems without ever revealing passwords, using just one set of credentials to access every login.

This of course means that you will need a “master password” or method of authentication, which is where “multi-factor” authentication comes in – by combining 2 or more authentication methods together such as secure passwords with biometric, SMS, device recognition, authenticator app, IP restriction, email verification and others, you can exponentially increase security while reducing friction for users.