Tag Archive for: Passwordless

The Impact of Passwordless Authentication on Internet Security in North America


Exploring the Impact of Passwordless Authentication on Internet Security in North America

The advent of passwordless authentication has been a game-changer in the realm of internet security in North America. This innovative technology has been instrumental in addressing the perennial problem of password-related breaches, which have been a significant concern for businesses and individuals alike.

Passwordless authentication is a security method that verifies users without requiring them to enter a password. Instead, it uses other forms of validation such as biometrics, hardware tokens, or magic links sent via email or SMS. This approach has been gaining traction due to its potential to enhance security while improving user experience.

One of the most significant impacts of passwordless authentication on internet security is the reduction in the risk of password-related breaches. Traditional password-based systems are vulnerable to a variety of attacks, including brute force, dictionary attacks, and phishing. Eliminating the need for passwords effectively mitigates these threats.

Moreover, passwordless authentication eliminates the risk associated with poor password practices. A study by the Ponemon Institute found that 51% of respondents reuse passwords across multiple accounts, a practice that significantly increases the risk of a security breach. By removing the need for users to remember and manage multiple passwords, passwordless authentication reduces the likelihood of such risky behavior.

In addition to enhancing security, passwordless authentication also improves user experience. Remembering multiple complex passwords can be a daunting task for users, often leading to frustration and decreased productivity. Passwordless authentication simplifies the login process, making it quicker and more convenient for users. This improved user experience can also have a positive impact on businesses by increasing user engagement and customer satisfaction.

However, like any technology, passwordless authentication is not without its challenges. One of the main concerns is the potential for biometric data breaches. Biometric data, such as fingerprints or facial recognition, is…


The Road to Passwordless is Paved with Orchestration


A new report from KuppingerCole Names ForgeRock an Overall Leader in Passwordless Authentication

If passwordless authentication is a destination, then identity orchestration is the highway to get there.

To define the term, “passwordless authentication” is the act of gaining access to digital resources without the use of traditional user-selected passwords. Given the pervasiveness of data breaches and their association with stolen or misused passwords, the momentum towards a passwordless future is undeniable. In recognition of this movement, KuppingerCole has published its very first Leadership Compass for Passwordless Authentication. But more on that in a minute.

The essential piece: orchestration

Identity orchestration, or just “orchestration,” is a way for organizations to quickly build and put in place user access journeys — from beginning to end — that are both easy for users and secure for the enterprise. Within this journey flow, passwordless methods can be enrolled, used, measured, and tweaked to give the organization the assurance that the benefits they seek — making users’ lives easier while elevating security — are truly being achieved.

Orchestration is a no-code no-brainer

Orchestration is both strategic and tactical. At a strategic level, orchestration is a critical capability of an identity and access management (IAM) solution, as essential as access management or identity management. It provides the capability to respond rapidly and with maximum agility to changing business conditions, using identity to create a competitive advantage for both your workforce users and for your consumer population, without breaking the budget.

At the tactical level, it is a graphical, drag-and-drop tool that IT administrators use to design different user journeys to support the business. In the past, user journeys needed to be hard-coded by developers, which was a time-consuming and expensive process that would often take months to get even a few user journeys in place. When the business or security landscape changed, developers would need to be called back in to re-code those journeys.

Modern orchestration involves no coding. This means non-technical IT and identity…


Mobile malware, passwordless authentication fails, and hackers in space


WatchGuard Technologies has announced its cyber security predictions for 2022, as it looks to help businesses understand where their next set of threats will be and to ensure enterprises remain a step ahead of the risks.

According to the cybersecurity firm, in 2022 state-sponsored mobile threats will trickle down to the cybercrime underworld.

“Mobile malware certainly exists especially on the Android platform but hasn’t yet risen to the same scale of traditional desktop malware,” the company says.

“In part, we believe this is due to mobile devices being designed with a secure mechanism (e.g., secure boot) from the start, making it much more difficult to create zero-touch threats that don’t require victim interaction. However, serious remote vulnerabilities have existed against these devices, though harder to find.”

Meanwhile, mobile devices present a very enticing target to state-sponsored cyber teams due to both the devices' capabilities and information contained in them. As a result, groups selling to state-sponsored organisations are mostly responsible for funding much of the sophisticated threats and vulnerabilities targeting mobile devices, such as the recent Pegasus mobile spyware. Unfortunately, like in the case of Stuxnet, when these more sophisticated threats leak, criminal organisations learn from them and copy the attack techniques.

“Next year, we believe we will see an increase in sophisticated cybercriminal mobile attacks due to the state-sponsored mobile attacks that have started to come to light,” WatchGuard says.

Spear SMSishing Hammers Messenger Platforms

Text-based phishing, known as SMSishing, has increased steadily over the years. Like email social engineering, it started with untargeted lure messages being spammed to large groups of users, but lately has evolved into more targeted texts that masquerade as messages from someone you know, including perhaps your boss.

“In parallel, the platforms we prefer for short text messages have evolved as well,” WatchGuard says. 

“Users, especially professionals, have realised the insecurity of cleartext SMS messages thanks to NIST, various carrier breaches, and knowledge of weaknesses in carrier standards…


A passwordless experience isn’t necessarily passwordless


Nobody likes passwords. From an IT perspective, passwords are notoriously insecure with compromised credentials accounting for 81% of all data breaches