100 passwords: the number of passwords that the average computer user has to manage as they go about living their daily lives. Source: https://www.techradar.com/news/most-people-have-25-more-passwords-than-at-the-start-of-the-pandemic
Phone- or device-based FIDO2 authentication is one increasingly popular variety of passwordless authentication.
Individuals and companies alike are increasingly pursuing passwordless authentication workflows to replace older username-password methods for logging in and authenticating to computing resources.
The reason for this is that passwords are no longer as simple and easy to manage as they once seemed to be. In the early years of computing, when users had only one or two passwords to remember and the number of attackers was low, passwords were an obvious security solution.
Today, however, with most computing resources connected to the public internet, attacks and attackers are both massive in number and global in reach, so passwords must be stronger, which also means harder to type and harder to remember. Worse, with the rise of cloud computing, most users are no longer managing just one or two passwords, but rather dozens to many dozens.
As a result, passwords have become increasingly unmanageable as a method for controlling access to computing systems.
Passwordless solutions replace passwords with other identifiers that are easy to manage. Common passwordless solutions include hard tokens like YubiKeys, biometric authentication like fingerprint or face scans, proximity-based solutions that require a "known" authenticating device to be near the computing resource, behavioral biometric solutions that recognize users based on typing style, and FIDO2 workflows that may leverage one or a combination of these to prove identity in a standardized way.
FIDO2 in particular has done much to accelerate the adoption of passwordless forms of authentication by standardizing the ways in which passwordless solutions communicate with systems as they replace or supersede standard username and password prompts.
Note that passwordless solutions are not always a panacea; device-based passwordless solutions in particular are vulnerable to theft, especially in the case of small devices like YubiKeys that can easily be snatched and pocketed in the blink of an eye.
Passwordless authentication refers to identity assessment and authentication without the use of a password to gatekeep resources. Examples of this include something physical, like a fingerprint, phone code, or a wearable token, or a continuous identity signal that allows verified users to proceed based on factors like behavioral biometrics and location.
Copyright © 2024 Plurilock Security Inc.