The world transitioned to the digital economy in 1995, taking the first consumer e-commerce transaction as the milestone. Everyone knows that an application's security is only as strong as the user's password, or as weak as the weakest password in use. Hence the push toward longer passwords, more complex passwords, and frequent password changes.
Market surveys show that the average person reuses the same password an average of 5 or more times, whether for personal or business use. The world then adopted two-factor authentication (2FA), such as a one-time password (OTP) sent by SMS to a mobile phone, or multi-factor authentication (MFA) that adds an image challenge requiring human intervention by clicking, typing, or sorting.
Let's face reality: this still failed to address the authentication problem, since 15 billion leaked credentials are now for sale on the dark web. Hackers continue to demonstrate how good they are at setting up phishing websites and services to steal user credentials in various ways, such as offering free commercial software, free games, or anything else that attracts a massive number of users to download it, and then extracting their credentials.
On the recent World Password Day, May 5th, Google committed to moving to passwordless authentication. Some users are already using it: Google sends an action-required message to your mobile device, where you click to approve the login.
When the entire world transitions from password-based security to passwordless authentication, it means a lot of changes. First of all, the existing password-based authentication mechanism will be eliminated. Passwordless authentication provides various benefits: first of all, users can't be tricked into giving away their credentials to scammers or have them stolen through brute force, which is good news. It may also make logging in more convenient for users.
Passwordless authentication is a form of multi-factor authentication (MFA) that replaces the password with a secure alternative. It can be configured to verify a user account using a combination of more secure authentication factors such as a fingerprint, a PIN, device specifications or location, and digital tokens, among others. This makes it very hard to target someone for identity theft unless both the person and the device(s) in question have been hijacked.
As Google, Microsoft, and Apple are committed to passwordless authentication, you do not need to enroll in any commercial service just yet if your existing 2FA and MFA are strong enough for your current use case and context.
E-SPIN Group is in the business of enterprise ICT solution supply, consultancy, project management, training and maintenance for corporations and government agencies, doing business across the region and via the channel. Feel free to contact E-SPIN for your project requirements and inquiries.