Be More Secure Without Passwords: Microsoft Embraces Passwordless Authentication and FIDO2
Microsoft is working to usher in the era of passwordless multi-factor authentication as the WebAuthn passwordless API becomes an official W3C standard. Strong authentication using biometrics and FIDO2-compatible hardware is the better, and more secure, method of multi-factor authentication.
Complex passwords are hard to remember, even with fancy mnemonics. Enforcing password complexity and password expiry has long been regarded as best practice – in theory. In practice, managing passwords has more often been a source of lost productivity, insufficient security, and poor user experience. Calls to service desks to reset passwords continue to be a significant cost overhead for IT service management.
The passwordless standard amounts to a stronger, more secure multi-factor authentication pattern. Websites and online services can leverage the passwordless trend by recognizing a registered FIDO2-compatible hardware device called an authenticator. The owner of the device creates and registers a public key credential with the website that is configured to log in the user with this method. The user unlocks the device using a biometric (fingerprint, iris scan, facial recognition) or PIN. The hardware device then proves possession of the registered credential to a PC or mobile phone via Bluetooth, NFC, or USB.
Computer passwords were insecure to begin with. Just ask Fernando Corbató, who led the implementation of the first time-shared operating system at MIT in the mid-1960s. Overcoming the inherent insecurities associated with passwords has meant supplementing them with tokens, captchas, memorable questions, pictures, phrases, and one-time codes sent to users by SMS, email, or voicemail. Even with the advent of mobile apps replacing expensive hardware tokens, the traditional password was never abandoned.
Bill Gates predicted in 2004: “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.” Microsoft has prepared for the elimination or replacement of passwords with Windows Hello for Business, Microsoft Authenticator app, and Fast Identity Online (FIDO)-compatible security devices.
Businesses should improve their security posture by adopting secure authentication technologies, including FIDO2 and WebAuthn, that do not rely on passwords. Users should be advised that passwordless biometric authentication does not imply that their biometric data, password, or PIN will be shared with a website or service provider. FIDO2-compliant authenticator hardware devices do not store a password either; they store a private key whose matching public key the website holds, and it is that key pair that identifies the registered owner to the website. Passwordless authentication is different from a one-time password using hard or soft tokens. Microsoft as a technology leader has rightfully made a clear commitment to support passwordless multi-factor authentication.
Want to Know More?
Identity and Access Management (SoftwareReviews)
Facing the Law: Police, Facebook, Cybersecurity, and the Most Beneficial Use of Facial Recognition Technology
FIDO Alliance and W3C Achieve Major Standards Milestone in Global Effort Towards Simpler, Stronger Authentication on the Web