Companies invest billions of dollars each year in cybersecurity solutions, but security breaches continue to rise steadily. We hear about high-profile examples, but for every breach that makes the news, there are many others that are just as disastrous for organisations at every level of development.
Why is the number still rising? The explanation is straightforward: compromised login credentials are the leading cause of today’s breaches, regardless of how robust the rest of your security infrastructure may be. The password was created as a defence against cyber criminals, but it is fundamentally flawed because it depends on user behaviour to work: a secret that a person must choose, remember and type can be guessed, reused and handed over.
Yet there is good news. Recent industry advances offer a way to tackle this “password problem”: a new kind of login that replaces the password, the weakest link in the cyber defence chain, with frictionless, unphishable passkeys.
In the last 30 years of my career, I have worked at organisations like IBM and HubSpot, where cybersecurity has been a constant concern. This turning point offers a chance to revisit the fundamentals of cybersecurity and discuss the potential effects of underinvesting on businesses across all sectors and stages of development.
Beyond the direct cost of the incident itself, a breach can bring regulatory fines, a damaged reputation, low employee morale, and even lasting harm to an executive’s personal reputation.
It is time for the next generation of authentication technology. Here are three things to consider in order to get yourself and your company ready.
Think Passwordless Today for Passkeys Tomorrow
I have to admit that, despite being the CEO of a security company, I am a little more aware of password hygiene than the typical person at the moment.
I recall setting up my first password and wanting to choose “LSU” because I was an avid football fan growing up in Louisiana. However, the service demanded at least six characters, which I knew was horribly insufficient, so I chose “ELESHU” instead. I don’t use that one anymore, but as people, we’re still too often persuaded to take shortcuts that put ourselves and our businesses at risk.
Attackers have learned that this behaviour is their most effective attack vector, and phishing campaigns that aim to steal user credentials have increased dramatically as a result.
So it should not be surprising that removing passwords altogether has long been the objective. What, then, is a passkey, and why is it different? A passkey is a password-free credential built on a public/private key pair: the private key stays on the user’s authenticator (a phone, laptop or security key), the website stores only the matching public key, and at login the authenticator proves possession of the private key by signing a fresh challenge issued by the website. The user never sees, chooses, remembers or types a secret, which removes the risks that come from passwords being tied to human behaviour.
There is no need to worry about creating unique passwords, and you cannot accidentally leave a passkey lying around. Because passkeys are based on public-key cryptography, the website holds no shared secret: unlike a stolen password database, a stolen list of public keys gives an attacker nothing to log in with.
Passkeys can’t be phished because each one is bound to the website it was created for. A human can be tricked into typing a password into a lookalike such as facebok.com instead of facebook.com; a passkey registered for facebook.com is never offered to facebok.com, because the browser, not the user, determines which site is asking, and the signed response covers the origin that actually made the request.
Human behaviour is difficult to change, but authentication procedures can be. Even though passkey-based login is currently supported by only a small number of websites, we don’t need to wait for adoption to catch up. Until passkeys are widely available, you can get a feel for passwordless authentication through biometrics, or through apps like Discord or WhatsApp that use QR codes to enable cross-platform logins.
Consumers’ Behaviour will Fuel Adoption at Work
The FIDO Alliance, the industry coalition tackling this problem, will celebrate its tenth anniversary next year. Its first focus has clearly been consumer applications rather than business ones. That makes sense: our employees also use the internet to shop and connect, and their online habits shape how they behave at work.
Generally speaking, I believe there has been a significant shift in business software, including security software: the user experience must be at a consumer level to encourage acceptance, and passkeys are projected to become widely available for sign-in to all kinds of online services. Passkeys will thereby address a wide range of user issues for organisations at all stages of growth, even though the early development of the technology is focused on consumer solutions.
Internet users often manage over 200 logins across their accounts, which means it only takes one mistaken click, one convincing phishing email, or one reused password to compromise an entire company. The broad shift to remote work has only increased the variety of programmes and services that teams use every day.
The surface area we leave open to malicious actors expands as our workplaces become more digitised and distributed. A phishing-resistant solution such as passkeys fills a clear and urgent need, and the case for widespread adoption has already been made by the recent passkey launches from Microsoft, Apple, and Google.
Do not yet Discard your Passwords
By the end of 2023, most well-known websites intend to support passkeys, and early adopters like PayPal already allow passkey sign-in for payments. But during the transition from passwords to passkeys, websites (PayPal included) will support both. Because the switch won’t happen overnight, this hybrid phase is crucial: as long as a password still works on an account, that password remains a phishing target, so the protections around it still matter.
Even attentive businesses that enforce multi-factor authentication (MFA) are now being hit by disruptive attacks: one-time codes can be relayed through a phishing page in real time, and push notifications can be approved by a worn-down user. Until passkey technology is widely available, our best option is still MFA on top of proper password hygiene.
Make sure your firm understands the benefits of moving from passwords and MFA, which have always felt cumbersome, to passkeys: the most reliable, secure, and user-friendly way for us to interact with one another online.