Digital transformation had brought many impacts to the world we are living today. One of the impact is massive utilisation of internet applications in various daily activities and adoption of IT system in organisations. Until today, password authentication remains as the most implemented authentication method for data security and protection in most applications. Recently, as over 61% data breach is reportedly due to compromised credential, this highlights the need for passwordless authentication.
Why Passwordless authentication?
Primarily, password authentication itself is the main issue. Being the first layer of protection for access to data centre, password authentication is definitely the prime target of attackers. Over the years, attackers had developed various techniques that can penetrate or surpass password authentication to gain access to sensitive data. These techniques include brute force attacks, phishing, keylogging, Man-in-the-middle attacks and credential stuffing. Believe it or not, there will be more in the future given time and advancement of technology.
Next, the people. Fearful of forgetting their own passwords is one of the disadvantages of password authentication. Imagine the need to remember more than 10 passwords to ensure secure access to different applications. Subsequently, people tend to create ‘easy to remember password’ such as 123456 to avoid forgetting their password. Convenient as it seem, on the contrary, it gives ways to brute force attack method, a program that can generate random combinations of password or username to exploit common weak passwords.
Now, let’s look at passwordless authentication offerings. Firstly, passwordless authentication dismisses all issues that came about from password authentication. Simply put, no more exposure to such data breach techniques and forgetting passwords issue. Secondly, passwordless authentication which include biometrics, the use of proximity badges, software tokens and mobile applications simplify IT operations as these method do not require password management where passwords need to be issued, reset for improved security. Finally, though, there will never be one perfect cyber security solution, passwordless authentication helps improve security as it is commonly used in conjunction with Multi-factor Authentication (MFA) and Single Sign-on (SSO).
E-SPIN being active in helping enterprise customers to implement enterprise digital transformation technology to achieve scale, scope and speed. E-SPIN since 2005, already in the business of supply, consultancy, integration, training and maintenance of various supplies for enterprise customers and government agencies. Feel free to contact E-SPIN for your cyber exposure (risk, asset, vulnerability and threat management).
More reading on Passwordless authentication;