"123456," "letmein," and "password" remain all too common passwords. It’s difficult to believe, but people still use simple, obvious passwords. They even repeat them across sites to avoid having to remember various logins. It’s a major problem for business, one you can address with passwordless authentication.
What is passwordless authentication?
As the name suggests, it means accessing information technology without a password. Yet there are different options that qualify as passwordless authentication.
Magic links are gaining popularity. In this approach, the user provides their email address. The system then emails a link that provides immediate access when clicked. Behind the scenes, the system confirms it can find the user’s email address before authenticating.
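The magic-link flow described above, sketched as an added example (not code from this page or from any product). The account store, login URL, 10-minute lifetime and function names are assumptions chosen for illustration; the point is that the link carries a random, short-lived, single-use token and the server keeps only its hash.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 600                 # assumed 10-minute link lifetime
KNOWN_USERS = {"alice@example.com"}     # constructed sample account store
_pending = {}                           # sha256(token) -> (email, expires_at)


def issue_magic_link(email, now=None):
    """Return a login URL for a known address, or None for an unknown one."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    if email not in KNOWN_USERS:
        # The caller should show the same "check your inbox" message either
        # way, so the form does not reveal which addresses have accounts.
        return None
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Store only the hash: a leaked table cannot be replayed as login links.
    _pending[digest] = (email, now + TOKEN_TTL_SECONDS)
    return f"https://app.example.com/login?token={token}"  # hypothetical URL


def redeem_magic_link(token, now=None):
    """Return the authenticated email, or None if unknown, reused or expired."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    record = _pending.pop(digest, None)  # pop makes the link single-use
    if record is None:
        return None
    email, expires_at = record
    if now > expires_at:
        return None                      # expired links are rejected and discarded
    return email


if __name__ == "__main__":
    link = issue_magic_link("alice@example.com")
    token = link.split("token=")[1]
    print("first click :", redeem_magic_link(token))
    print("second click:", redeem_magic_link(token))
```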
Possession factors are another common solution. A user can authenticate their account only using something that they own. The system could rely on:
a code sent to, or generated by, a known authenticator app (e.g. Okta or Authy);
a one-time password sent via text message to the user’s registered smartphone;
a hardware token (e.g. a key fob or thumb drive, such as YubiKey). These may connect to the system or generate a one-time access code remotely.
A third alternative identifies people using biometrics. Using physical attributes, such as fingerprints or retinal scans, the system authenticates users. Biometrics sounds more sci-fi than the other options, yet many iPhone users already unlock their devices with facial scans.
In fact, behavioral biometrics can also help identify imposters if they do get into a system. The software learns how an individual typically interacts with a keyboard or touch screen. If a user in a session shows different habits, the authentication software could flag a potential threat.
Securing your business from cyberattack
It’s abundantly clear that passwords can be cracked. As many as 23.2 million people were using "123456" as their password in 2022 breaches, so hackers can start with a simple guess.
Bad actors can also program computers to guess options over and over until they get in. Humans would take ages to do this, but machines can do it quickly. In fact, it’s estimated that a 10-digit numeric password won’t stall a hacker. Even with one lowercase letter added, it takes them only one minute to crack.
Passwordless authentication adds another hurdle. These methods often require the cybercriminal to have direct access to your email address, or to have your smartphone or hardware token in their hands.
We can’t tell you that passwordless authentication is 100% safe. Nothing is, as technology and the ways criminals attack continue to evolve. Yet these approaches beat passwords by requiring more effort to infiltrate your systems.
Want to avoid being an easy target for cyberattacks? Talk to our experts about authentication methods and shoring up your security posture.