Per the World Economic Forum, cybercrime ranks first among “human-caused” risks and, by the end of 2021, will cost an estimated $11.4 million every minute. Can conventional password-based cybersecurity practices stem this digital onslaught? Many experts say no – especially as the pandemic accelerates the move to remote work, ushering in a lasting era of Zero Trust IT.
What is passwordless authentication? In simple terms, passwordless techniques shun elaborate sequences of numbers, letters and symbols in favor of some combination of a public identifier (username, email address, phone number) and secure proof of identity.
What constitutes proof of identity? Either ownership, meaning the user seeking access – and only that user – owns or possesses something unique (code, token, link), or a concept known as “inherence,” meaning data unique to the user seeking access (typically, biometric data). Here are three common examples:
- Magic Links – the authenticator (i.e., the network or database owner/administrator) sends a special link via email that expires shortly after it is delivered.
- Code by Text (SMS) – like magic links, but the authenticator sends a special, expiring set of numbers and/or letters by text message.
- Biometrics – a device (e.g., smartphone, tablet or laptop) verifies the user’s face or another unique biometric trait such as a fingerprint.
Today, most systems pair passwordless methods with passwords as part of multi-factor authentication, which means the password may be dying but is still kicking for the foreseeable future.
Need a hand implementing passwordless cybersecurity measures for your business? Give us a call.