Passwordless sign-in a paradigm shift? Expert explains the new technology
To tackle the critical security scenario, firms are looking towards password less authentication system for providing hassle-free but more secure check-ins. Will it prove to be safer and easier sign-in option? Experts explains.
As businesses undergo digital transformation, nearly every aspect of their operations is now or soon will be available digitally. In today's rapidly changing digital world, access management is critical to providing personalised experiences but increased hacking threat demands a robust security infrastructure.
There are many recent instances where huge volume of data got leaked or accounts went compromised due to ineffective authentication system.
Uber is probing cyberattack on vendor site where over 70,000 employees data landed in hackers hand. Even Indian railways last month sought help of CERT-IN to investigate data breach claimed to be affecting 3 crore users.
To tackle the volatile security scenario, firms are looking towards password less authentication system for providing hassle-free but more secure check-ins.
We talked about this paradigm shift with IBM Security Software's Technical Sales Leader, India/South Asia Region, Tushar Haralkar.
Why a movement towards passwordless security infrastructure?
He explains, “When we set a password, there are many password guidelines that we must follow and then it also expires after predefined time. On an average, you will at least have to remember a minimum of 15 passwords. So, it involves too much complexity.”
He further added, “Despite doing all of that, that is not enough because still the passwords are getting compromised. So we are seeing a shift from just one factor of authentication, which is username and password, to multiple factors and then Biometrics which is face ID, fingerprint.”
What are the present solutions?
Haralkar says, “The next shift is why do we even have the password? Because if there is a password, it's difficult to remember, it gets compromised.”
IBM has brought the Security Verify app to deliver the access management service, he said.
It helps enforce risk-based access policies that provide minimal friction during authentication when the user is known and stronger, multi-factor authentication if the risk is elevated, the New York-based corporation claims.
It includes passwordless authentication, single sign-on access, risk-based multi factor authentication (MFA), among other security features.
So, will passwords be a thing of the past?
Tushar says, the passwords will remain for critical operations, but its use will be very limited. With behavioural biometrics coming into picture, by checking how the user handles the device, organizations will also know if this is a real user, or this is somebody else.