During an informal closing meeting, one of my clients asked my team and me how we felt about going passwordless. Passwordless is that extra layer of security to then be prompted for MFA. Would going passwordless really fly with the regulators? MFA has other forms of authentication, such as one-time passwords, push notifications, and SMS notifications. According to Microsoft, passwordless is being implemented because of factors such as weak passwords. This is the reason why strong passwords need to be put in place.
Microsoft states there are 3 ways to help users keep their identities safe: Windows Hello (facial, thumbprint), Microsoft Authenticator, and FIDO2 security keys (standards-based passwordless authentication).
However, passwords are not going to go away anytime soon. Passwords are the most cost-friendly and easiest authentication option, which makes them difficult to push away.
Reference:
https://thehackernews.com/2021/04/passwordless-more-mirage-than-reality.html
By Victoria Zak