Saturday, December 10, 2022

Why passwords may become a thing of the past – Times of India


Smartphones are ubiquitous these days and so are apps and the multitude of things that they bring along. For every app — barring a few — you will need a password. In fact, there are just way too many passwords in people’s lives. If passwords alone weren’t enough to infuriate you, there’s this whole concept of keeping ‘difficult’ passwords — some need an upper case, some need a special character, some need a number — and you really start wondering about the whole password menace. Is a passwordless world possible? Apple, Google, Microsoft, IBM and many others certainly seem to think so.


How will a passwordless world work?

FIDO Alliance is an open industry alliance that became public in 2013. The idea was to reduce the world’s over-reliance on passwords. The FIDO Alliance has been working towards a world without passwords for close to 10 years, and that goal is now closer to reality. Andrew Shikiar, executive director, FIDO Alliance, explains how a passwordless world will work.
It all begins with FIDO credentials — or cryptographic keys — that are stored on laptops, phones, and other devices and can be used for secure authentication. When a FIDO credential automatically syncs from the device that it was originally created on (typically a phone or computer) to another of the user’s devices, it is called a “multi-device credential”.
This new functionality builds upon the prior “single-device credential” capability which is a FIDO credential available only on a single device, and cannot be backed up and restored this way. “This latest advancement is important in the progress towards more ubiquitous passwordless solutions, as it enables users to transfer credentials between devices,” explains Shikiar.
In layman’s terms, it will be very similar to using a password manager that helps the user sign in. However, the level of security is better than even traditional two-factor authentication, all without requiring any additional steps or devices during authentication.


Just like password managers do with passwords, it will depend on the OS platform to sync the cryptographic keys that belong to a FIDO credential from device to device.
Apple, Google and Microsoft – the world’s biggest platform providers – have confirmed their commitment to supporting these passwordless sign-in standards. “The road to eliminating passwords may be long, but this is a vital step in making it a reality in both the consumer and enterprise space,” believes Shikiar.
With all leading platforms joining hands, Vishal Kamat, director, IBM Security, IBM India Software Labs, believes that the opportunity is huge “for solution developers to bake security into the fabric of their solutions while driving consistent consumer experience across the application landscape.”
Sampath Srinivas, PM Director, secure authentication, Google and President, FIDO Alliance, in a blog post further detailed how it will work on the phone. The phone will store a FIDO credential called a passkey which is used to unlock your online account. “The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone,” notes Srinivas.
If you are signing in on a computer, you will need access to your phone, as you’ll simply be prompted to unlock it. However, this will be a one-time thing, explains Srinivas. “Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” adds Srinivas.
Shikiar of FIDO Alliance says a passwordless world will have three fundamental advantages: sign-in will become easier for the user, it will be phishing-resistant, and it will offer a more robust system. It comes as no surprise that people forget passwords; it could be for an Uber account you haven’t used to book a ride in months, or an old email ID that you want to access. The trouble is that with old accounts you often won’t remember the backup email ID or phone number either. As long as you have your phone, you will be able to sign in, as there is nothing to forget.
For service providers, this will require some updates to their authentication and identity systems in order to enable the FIDO capabilities.


“Hundreds of technology companies and service providers from around the world have collaborated within the FIDO Alliance and W3C for the past several years to create the passwordless sign-in standards that are already supported in billions of devices and all modern web browsers,” says Shikiar.
“Passwords are fast becoming obsolete and it is really a matter of ‘when’ and not ‘if’ we will have a world without passwords,” says Kamat. It’s no secret that weak or stolen passwords are by far the number one cause of cyberattacks today, and consequently, passwords have become the weakest link in the cybersecurity chain of defence.
Sundar Balasubramanian, managing director, India and SAARC, Check Point Software Technologies, believes that a passwordless scenario could be a reality as the standards for a passwordless environment become more established and the number of sophisticated passwordless authentication techniques grows.
“The use of distributed ledgers (i.e., blockchain) to store digital identity information, multi-attribute authentication decisions using AI technologies such as risk-based authentication, and the adoption of Zero Trust frameworks for securing digital information are some of the trends that we expect to mature over the next 2-3 years,” says Kamat.


What happens to user privacy and security in a passwordless world?

Shikiar believes that cybersecurity health will be dramatically improved without passwords. Passwords and second-factor authentication such as OTPs and in-app push notifications are inconvenient and insecure. “They can be phished, and they are being phished at scale today,” he adds.


Balasubramanian, on the other hand, feels that though passwordless authentication appears to be a safe and simple method, it comes with its own set of issues. Funding and migration difficulties could be counted among the most pressing. He goes on to explain that “malware, man-in-the-browser, and other attacks are feasible even with passwordless authentication. For instance, cybercriminals can install a software patch to intercept one-time passcodes (OTPs). They might even infect web browsers with Trojans to intercept shared data such as one-time passcodes or magic links.” Further, cybercriminals have demonstrated that voice recordings and other biometric traits can be duplicated as well.
Kamat also sees a passwordless world as an opportunity. “It’s an opportunity to modernize our authentication systems leveraging newer technologies that will improve the consumer experience while making our transactions more secure,” he explains.
It is critical to have support in everyday devices, believes Shikiar, who thinks that passwordless sign-in needs to approach the ubiquity of passwords and SMS OTPs. This is why he believes Apple, Google and Microsoft’s commitment is important. “Their commitment will also offer service providers more diverse options for deploying modern, phishing-resistant authentication methods,” he adds.
“It is undeniably a huge step forward in terms of secure authentication for the ordinary user, who is unlikely to use the strongest passwords but is statistically more likely to reuse them across sites and services,” says Balasubramanian.




