Anthony Roberts, Head of Cloud Services, takes a look at passwords and considers if we are really ready for a passwordless future.
The problem with passwords
Passwords are one of the biggest problems in cyber security today. They are too easy to guess and too easy to break. Once a password has been broken, an attacker can not only compromise the account they have access to – but they will also try to compromise other accounts with the same password or a variation of the same password. This tactic is often very successful as people repeatedly use the same password for multiple accounts.
Another problem with passwords comes from social media. Because of the nature of sharing in social platforms, people will often share password data without even realising they’re doing it. They mention places they’ve visited, the names of their pets and close relatives – all of which are common things used when creating passwords.
Finally large organisations often get breached and have their password data stolen and sold out on the Dark Web. An attacker could breach these accounts before you have even managed to change them or there could be a password for a service you may have forgotten about using the same password that was stolen.
Could a password less future address these issues?
Passwordless authentication is the method of verifying a user’s identity with something other than a password.
For example, Microsoft now lets you remove passwords from accounts and instead use a combination of Windows Hello, Authenticator App, a security key or an SMS message to authenticate.
This technology can be used to sign into any AzureAD account on any device platform and can be used on third party apps that use the Microsoft Authentication Libraries.
The main benefits of using a passwordless account is that it removes the onus of the end user to create something that’s secure, individual and memorable without relying on a password manager.
To learn more about Frontline Security solutions contact the team today: