The quest to get rid of passwords

With the average total cost of a data breach continuing to rise year over year, the Big Tech companies are focusing on privacy, data protection and information security policies implemented by default, while businesses are looking to add new security layers and protect against all risks associated with a breach.
In a joint effort to make the web more secure and usable for all, Apple, Google, and Microsoft announced plans in May to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. 

How FIDO works

The FIDO Alliance develops open and scalable technical specifications that allow people to access websites and apps through a common protocol. This means any company can use FIDO standards to implement technologies, like passkeys, for secure authentication.

A passkey is a FIDO login credential, tied to an origin (website or application) and a physical device. Passkeys allow users to authenticate without having to enter a username or password, or provide any additional authentication factor. This technology aims to replace passwords as the primary authentication mechanism.
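
An added example (not from the original article) of what "tied to an origin" means at sign-in: a simplified, WebAuthn-style check in Node.js where the site only accepts a signature made over its own challenge and origin. The function names, the `example.com` and `examp1e.com` origins and the reduced message layout are assumptions for illustration.

```javascript
// Simplified WebAuthn-style assertion check (added illustration, not a full implementation).
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator side: one key pair per relying party; the private key stays on the device.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { rpId, publicKey, privateKey };
}

// Browser + authenticator: the browser, not the page, records the origin it is really on.
function signAssertion(passkey, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const flags = Buffer.from([0x05]); // user present (0x01) + user verified (0x04)
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), flags, Buffer.alloc(4)]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), passkey.privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Relying party: every check must pass before the signature is trusted.
function verifyAssertion(assertion, expected) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (clientData.origin !== expected.origin) return 'origin mismatch';
  const rpIdHash = assertion.authenticatorData.subarray(0, 32);
  if (!crypto.timingSafeEqual(rpIdHash, sha256(expected.rpId))) return 'rpId mismatch';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, assertion.signature)
    ? 'ok' : 'bad signature';
}

// Constructed scenario: the same passkey used on the real site, on a look-alike origin,
// and against a stale challenge. (A real browser would not offer the passkey off-origin at all.)
function demo() {
  const passkey = createPasskey('example.com');
  const challenge = crypto.randomBytes(32);
  const expected = { origin: 'https://example.com', rpId: 'example.com',
    challenge, publicKey: passkey.publicKey };
  const check = (origin, c) => verifyAssertion(signAssertion(passkey, origin, c), expected);
  return {
    genuine: check('https://example.com', challenge),
    relayed: check('https://examp1e.com', challenge),
    replayed: check('https://example.com', crypto.randomBytes(32)),
  };
}
console.log(demo());
```

Because the origin and a fresh challenge are part of what gets signed, a response produced on a look-alike site or captured from an earlier session is rejected even though the signature itself is valid.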

Reducing IT Costs and Complexity

The transition to passwordless authentication is a potential way to reduce IT costs and save time troubleshooting security concerns. But challenges remain even for those eager to make the shift.

For many businesses, replacing passwords will be a difficult decision to make, as it may not fit their current policies and norms of what they believe to be cybersecurity best practices. The end result may be a mix of integrated passwordless authentication with legacy cybersecurity procedures in place. But if we are to believe the FIDO Alliance, shifting to a world without passwords will do wonders to reduce cybersecurity-related issues in the enterprise.

The transition to passwordless authentication is unstoppable in the workplace, where in the past users had to manage, store and remember multiple passwords for many accounts. This is not only a burden to them; it also has significant security ramifications. To address these, vendors are coming up with different strategies to eliminate passwords. Users are now able to use their smartphones to authenticate sign-ins, and the system is expected to unlock access across different platforms.

Going forward, Managed Service Providers will have to come up with plans that strengthen security across the board while reducing complexity when rolling out passwordless authentication to their clients.

Published by Helena Vorschepoth, Cloudtango