What’s Next in Authentication? Passwordless Security

We certainly live in interesting times. Technology has been an enabler and has leveled the playing field for so many companies around the world, giving them the ability to compete against companies hundreds of times their size. The Internet has been a boon and bane to humanity since its inception. We have seen the world move forward at a staggering pace thanks to technological advancements. 

The first bane to touch on is the use of passwords. We have long utilized passwords as what we would euphemistically refer to as a security control. As security practitioners have preached the benefits of using a strong password to the masses, we lost the direction overall. I have long equated passwords with the venerable house key. Sure, you can lock your front door. You can protect your collection of things when you go off to work or to attend to your errands. 

However, if you lose your house key somewhere along the way, someone of nefarious intent could then use that to enter your house and potentially steal your belongings. At no point did the house say, “Yes, that key belongs to this homeowner and you can now enter.” This is a control but not one of security and we need to divest ourselves of that notion. 

When it comes to security resilience in an organization, we need to focus on protecting the integrity of the business. One sure-fire way to accomplish this is to provide better authentication mechanisms to ensure we know who is accessing corporate information and that they are in fact who are expected. We need to pay acute attention to identity security. The deprecated notion that passwords are a security control can safely be sent off into the wild. 

We need to rise to the challenge of better handling of authentication. We recently released the Duo Trusted Access Report which reviewed in excess of 13 billion authentications in the prior year. One of the trends that jumped out was the rise of passwordless security adoption. This has grown fivefold over the last 3 years, which is quite significant. 

So, what is passwordless? This is technology that utilizes platform authenticators, security keys, and push authentication to access without having to rely on passwords. This makes the user experience more seamless and secure while reducing the risk to the organization. 

As one example, attackers love to reuse passwords against multiple sites when they compromise a website. The logic here is that many people use the same password on multiple sites, and this provides for significant security exposure. So rather than rely on just security awareness training we need to democratize security to make it easier for people to stay secure online. 

On the Internet no one knows you’re a dog. This is a cartoon that has been floating around online since the earliest days of the web. Despite what we may tell them we need to do a better job of proving we are in fact the dog that we claim to be.

Learn more about Cisco Security Resilience  

Download your free copy of Cisco’s 2022 Trusted Access Report