Passwordless authentication has been increasingly spoken of in favor of the typical password-based method, and is gaining traction the more it is talked about. Google recently took steps toward passwordless that we felt warranted some discussion.
A simple way to look at passwordless authentication is to consider what can be involved in multifactor authentication and simply omit the password element of it. The hard truth of the matter is that passwords just aren’t that secure—in fact, they were never really intended as a security measure. The original shared networks more used them to confirm which data to retrieve than they did to keep others from accessing this data.
It wasn’t security, it was convenience. So, technically speaking, we’ve all been relying on what was never really meant to be a security system in the first place.
The other forms of authentication, however, have always meant to be security measures, which is why we’ve seen more and more personal identification numbers (PIN) or biometric-based forms.
This is a big step for Google to make in exacerbating the difficulties that an attacker will have. The idea of the passkey is that a user can create and store them in their hardware, also backing them up in the cloud, to access their different accounts and data without a password.
By eliminating passwords in this way, phishing risks are greatly diminished, password reuse is eliminated, and it isn’t as though you can reuse something you don’t know at all.
Again, this is big. Reducing, if not eliminating outright, these passwords can significantly improve your cybersecurity. Time will only tell how widespread these alternatives will become in the near future… but considering that the market is currently valued in the billions and growing, we’re confident that we’ll continue seeing news.
In the meantime, Flexnet Networks LLC is here to assist you with your cybersecurity needs. Give us a call at (432) 520-3539 to learn more about what we can do to assist you.