
Passwordless

Why it matters: Users have too many passwords to manage, and the IT support overhead caused by passwords continues to grow.

100 passwords: the number of passwords that the average computer user has to manage as they go about living their daily lives. Source: https://www.techradar.com/news/most-people-have-25-more-passwords-than-at-the-start-of-the-pandemic

Key Points

  • Passwordless methods include hard tokens like YubiKey, mobile devices with FIDO2, and behavioral biometrics
  • Passwordless authentication eliminates the need for users to remember or manage passwords
  • Though it can be more secure, passwordless authentication can also be less secure when it is device-based and the device is stolen

Phone- or device-based FIDO2 authentication is one increasingly popular variety of passwordless authentication.

Quick Read

Individuals and companies alike are increasingly pursuing passwordless authentication workflows to replace older username-password methods for logging in and authenticating to computing resources.

The reason for this is that passwords are no longer as simple and easy to manage as they once seemed to be. In the early years of computing, when users had only one or two passwords to remember and the number of attackers was low, passwords were an obvious security solution.

Today, however, with most computing resources connected to the public internet, the number of attacks and attackers is both massive and global, so passwords must be stronger—which also means harder to type and harder to remember. Worse, with the rise of cloud computing, most users are no longer managing just one or two passwords, but rather dozens to many dozens.

As a result, passwords have become increasingly unmanageable as a method for controlling access to computing systems.

Passwordless solutions replace passwords with other identifiers that are easy to manage. Common passwordless solutions include hard tokens like YubiKeys, biometric authentication like fingerprint or face scans, proximity-based solutions that require a "known" authenticating device to be near the computing resource, behavioral biometric solutions that recognize users based on typing style, and FIDO2 workflows that may leverage one or a combination of these to prove identity in a standardized way.

FIDO2 in particular has done much to accelerate the adoption of passwordless forms of authentication by standardizing the ways in which passwordless solutions communicate with systems as they replace or supersede standard username and password prompts.

Note that passwordless solutions are not always a panacea; device-based passwordless solutions are vulnerable to theft, particularly in the case of small devices like YubiKeys that can easily be snatched and pocketed in the blink of an eye.

—Aron Hsiao


More to Know


Hard Tokens for Passwordless

Hard tokens like YubiKeys are easy to carry, easy to use, and comparatively inexpensive. However, they are also easy to misplace, easy to steal, and far easier than a mobile phone to inadvertently lose track of or leave behind.


Mobile Phones for Passwordless

Mobile phones that incorporate a fingerprint scanner and are configured as FIDO2 devices are increasingly popular as passwordless authenticators. This requires software, for example an SSO provider, that supports FIDO2.


Behavioral-Biometric Passwordless

Behavioral-biometric solutions that recognize users based on their movement patterns have long been available, and can also enable continuous authentication, which confirms a user's identity at all times, not just during login.

Quick Definition

Passwordless authentication refers to identity assessment and authentication without the use of a password to gatekeep resources. Examples of this include something physical, like a fingerprint, phone code, or a wearable token, or a continuous identity signal that allows verified users to proceed based on factors like behavioral biometrics and location.
