Moving Beyond Passwords
2 May 2017
Keith Graham, Chief Technology Officer at SecureAuth
Have you ever tried to get some critical work done, only to be challenged by the system to change your password? Have you ever been locked out because you can’t remember your password? Have you ever succumbed to temptation and written your passwords down, security policies be damned? Has ‘forgot my password’ become part of the login process?
You’re not alone. And there is one more reason to hate passwords: They aren’t very good at protecting your information. This year alone there were thousands of documented breaches of large household names. Take for example, the LinkedIn breach where 160 million usernames and passwords were stolen. Attackers use these stolen credentials to gain access to other sites and services causing further harm.
In fact, forward thinking organisations are moving beyond usernames and passwords altogether, rendering stolen credentials useless and saving helpdesk calls for password resets as they adopt passwordless authentication. Many I.T. professionals turn to two-factor authentication. By itself, this isn’t the best answer. It ratchets up user frustration, and certain popular methods can easily be compromised. The best answer is not to rely on passwords alone to authenticate.
This new modern approach to authentication is made possible by using something you have (such as a mobile phone), and something you are (biometric fingerprint) and layering it with risk-analysis that uses techniques such as whether the device is familiar and trusted, whether the IP address is good, as well as analysis of the geographic location, plus many others – all for secure passwordless authentication. These risk-analysis checks work behind the scenes and invisibly to the user, so there is no extra step and there is no compromise to security.
Passwordless authentication protects against attackers walking through the front door by preventing the misuse of stolen credentials, enabling organisations to take control of their authentication process while not compromising a positive and seamless user login experience.
To learn more about how SecureAuth can enable you to go passwordless today while improving security, user experience, and your bottom line, visit www.SecureAuth.com