The Value of Passkeys: Embracing Passwordless Protection


Passwords: Out With The Old

In today's world, cyber criminals are constantly improving their attack methods and tools, making it difficult for organizations to keep up with their defenses. Even though people are becoming more aware of security threats, attacks on user accounts are becoming harder to detect and more convincing. The real challenge in security isn't just about choosing the right tools or creating better training programs; it's about defending against attacks that seem impossible to stop.

Passwords have been used for centuries, and while they are a staple in the digital age, they have significant flaws. This is why multi-factor authentication (MFA) has become so popular—it adds an extra layer of security. However, the tech community is now pushing for an even more secure solution: getting rid of passwords altogether.

Passwordless: In With The New

Passwordless authentication is an approach that aims to eliminate the need for traditional passwords. One of the most promising methods in this area is the use of passkeys. Passkeys are a modern authentication method developed by FIDO, a consortium of tech companies. They use public/private key cryptography: your device generates a key pair, keeps the private key, and gives the public key to the app or website you are logging into.

When you log in, your device can use biometrics (like fingerprints or facial recognition), PINs, or other methods to verify your identity. The device then uses its private key to sign a challenge from the app or website, which checks that signature against the stored public key to complete the authentication process.

Why Passkeys?

Passkeys offer a convenient and secure way to log in without the need for passwords. Since the private key of a passkey is never stored on the server of the app or website and cannot be guessed or shared, it is significantly harder for accounts to be stolen. Passkeys are inherently multi-factor, and because each one is designed to work exclusively with a single app, they are phishing resistant by design. This makes passkeys a step towards a more secure, passwordless future.
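The login flow and the single-app binding described above can be seen in a small model. This is an added example, not ECI's code and not the real WebAuthn message format; the `Authenticator` class, `verifyAssertion`, `demo`, and both site names are constructed for illustration.

```javascript
// Simplified model of a passkey login (added example; not the WebAuthn wire format).
const crypto = require('node:crypto');

// Authenticator: one key pair per site; private keys never leave this map.
class Authenticator {
  constructor() { this.credentials = new Map(); }
  // Registration: create a key pair for rpId and hand back only the public key.
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.credentials.set(rpId, privateKey);
    return publicKey;
  }
  // Login: origin is what the browser actually loaded (modelled here by the caller).
  getAssertion(origin, challenge) {
    const privateKey = this.credentials.get(new URL(origin).hostname);
    if (!privateKey) return null; // no passkey for this site, so nothing to hand over
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign('sha256', Buffer.from(clientData), privateKey);
    return { clientData, signature };
  }
}

// Server: check the signature first, then the origin and challenge it covers.
function verifyAssertion(assertion, publicKey, expectedOrigin, expectedChallenge) {
  if (!assertion) return false;
  const ok = crypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
  if (!ok) return false;
  const { origin, challenge } = JSON.parse(assertion.clientData);
  return origin === expectedOrigin && challenge === expectedChallenge;
}

function demo() {
  const SITE = 'https://portal.example';            // constructed
  const LOOKALIKE = 'https://portal-example.test';  // constructed look-alike origin
  const device = new Authenticator();
  const publicKey = device.register(new URL(SITE).hostname);
  const newChallenge = () => crypto.randomBytes(32).toString('base64url');
  const c1 = newChallenge(), c2 = newChallenge();
  const genuine = device.getAssertion(SITE, c1);
  const tampered = { ...genuine, clientData: genuine.clientData.replace(c1, c2) };
  return {
    genuineLogin: verifyAssertion(genuine, publicKey, SITE, c1),
    lookalikeGetsAssertion: device.getAssertion(LOOKALIKE, newChallenge()) !== null,
    replayAgainstNewChallenge: verifyAssertion(genuine, publicKey, SITE, c2),
    tamperedClientData: verifyAssertion(tampered, publicKey, SITE, c2),
  };
}
console.log(demo());
```

Only the first result is `true`: the look-alike origin receives nothing to forward, and a captured or edited assertion fails the server's challenge and signature checks.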

How Do We Get There?

While organizations and FIDO contributors like Microsoft and Google are leading the charge towards a passwordless future, the journey is complex and challenging. By focusing on eliminating less secure authentication methods, we recognize that some technologies will adapt, while others may become obsolete. Our mission as an integrator is to facilitate this transition by enabling adoption wherever possible, minimizing friction by reducing authentication challenges, and leveraging modern passwordless methods to enhance security and user experience.

Passkeys continue to evolve as a versatile authentication method, with some vendors embracing them as a standalone multi-factor authentication solution, while others integrate passkeys as an additional layer of security. This adaptability highlights the ongoing innovation in the field, as we strive to balance convenience and security. At ECI, we know that security evolves as quickly as technology. What we do know for certain is that password authentication is inherently weak.

We embrace replacing weak authentication like passwords with stronger authentication methods. We are continually testing technologies like passkeys and hard tokens to find the best balance of convenience and security for our customers.

 

 
