By Mehab Qureshi
Sooraj Jadeja, a 24-year-old IT engineer based in Gujarat, had a nightmarish experience when he forgot his password. As he tried to recall it, he realised that he had forgotten the email he had used to sign up and the phone number associated with it. The result was a frustrating loop of repeatedly clicking “forgot password” and trying his best to guess his way into his account.
All of this could have been avoided had he discovered passwordless authentication.
Passwordless authentication eliminates the need for users to remember and manage multiple complex passwords. Instead, it utilises secure and reliable methods such as biometric data, hardware tokens, or public key cryptography.
“Hackers don’t break in, they log in, and weak passwords continue to be the primary entry point for attacks on both enterprise and consumer accounts. In 2022, Microsoft tracked 1287 attacks every second,” said Terence Gomes, country head – Security, Microsoft India. “Although we’re at a greater risk of security breaches than ever before, people aren’t always successful at setting up strong passwords. While issues such as forgetting one’s password or reusing the same password for multiple accounts remain, we also need to acknowledge the inefficiency and vulnerability of passwords.”
Siddharth Gandhi, COO for the Asia Pacific region at 1Kosmos, which provides multi-factor authentication solutions, explained that traditional passwords pose several security risks, including theft, phishing, and brute force attacks, which can be mitigated by reliable biometric and cryptographic protocols. “That’s exactly what we do, combining identity proofing and authentication to create a non-phishable, biometric-based authentication experience that eliminates most account takeovers and fraud,” he said.
Gandhi claimed the passwordless solution goes beyond just ensuring user data privacy and security by storing biometric data in a private blockchain. “The user’s biometric data is not shared or transmitted to any third party, ensuring that it remains private and secure,” he added.
Authentication is the first step to secure user accounts. This trend has seen organisations in various industries, including but not limited to asset management, financial services, and telecommunications, successfully implement passwordless authentication using phased implementation and controlled testing. By providing users with both the old system and passwordless authentication side by side, organisations can improve user acceptance rates, and early adopters can become advocates for the new approach, accelerating its acceptance, said Gandhi.
As more users adopt advanced smartphones with 12-megapixel cameras, hardware-based trusted platform modules capable of creating and storing cryptographic keys (as passwords) are possible.
“Self-sovereign identity can be the next advancement for passwordless authentication. Passwordless access allows users to have control over their personally identifiable information, safeguarded through the use of public/private key cryptography,” he noted.
There are various passwordless authentication methods available, such as facial recognition, voice recognition, fingerprint scanning, and hardware tokens. Several organisations have implemented these methods, such as Microsoft, which offers Windows Hello, a biometric authentication solution that enables users to log in using facial recognition or fingerprint scanning.
“We had announced that users can completely remove the password from their Microsoft account. By using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to one’s phone or email, every user can go passwordless with any of their Microsoft apps and services,” added Gomes.
HASSLE-FREE LOGIN
* Passwordless authentication is a form of authentication that never uses a password
* Helps users break free from complex passwords
* Improves security and user satisfaction while protecting sensitive data and resources
* Stops account takeovers from credential attacks
* Saves time and money on password resets
* It uses biometric data safeguarded by cryptographic protocols