- Published: Wednesday, Nov. 11, 2020
Passwordless security allows a user to log into a resource without entering a password. This type of authentication relies on a public and private cryptographic key. The public key will reside on the resource (server, website or application) while the private key will be held by the user. The private key will be in the form of biometrics (fingerprints, face, voice recognition) or hardware tokens (cell phone, smart card).
As a form of multi-factor authentication (MFA) this provides an additional layer of password security.
Are there benefits of passwordless authentication?
- Users no longer need to remember passwords
- Without the use of passwords there is less chance of compromise of users and systems. Without the password cybercrooks will have nothing to phish, steal or compromise.
- This will reduce the amount of successful cyber attacks such as:
Since there won’t be any passwords to steal or scrape, the environment becomes more secure. Instead of passwords, the authentication will rely on the pairing of the public and private keys. As with your front door, if you do not have the correct key (in your possession) you will not be able to unlock the door and gain access.
Does this mean passwords will finally go away?
While passwords may never go away completely but through the use of MFA and emerging technologies we may be able to reduce our reliability on passwords alone. The security of the platforms in which they are used need to be addressed. It is likely that passwords will still stick around as one layer of authentication for a while.