Passwordless Authentication

News of password leaks and phishing attacks is now common, so many organizations are looking for safer ways to verify identity. One such method is passwordless authentication (an authentication method that does not use a password). Microsoft states on its website that this kind of authentication is very safe, so many people may already be using it.

Types of passwordless authentication

Passwordless authentication can be implemented in several ways:

Biometric authentication: You authenticate with your fingerprint or a retina scan.

Possession factors: You authenticate with something that you own or carry with you, such as a time-based OTP from an authenticator app, an OTP received via SMS, or a hardware token.

Magic links: Authentication is done through a link sent to your email. When you click the link in the email, you are authenticated immediately without entering a password.
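The magic-link flow described above can be sketched as follows. This is an added example, not code from any product named on this page; the base URL, the 10-minute lifetime and the in-memory PENDING store (standing in for a database table) are assumptions. The server stores only a hash of each token, so a leaked table does not expose usable links, and a link works once and only until it expires.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlparse

BASE_URL = "https://app.example.com/login"  # hypothetical login endpoint
TOKEN_TTL = 600                             # assumed link lifetime, in seconds
PENDING = {}  # sha256(token) -> (email, expires_at); stands in for a database


def _digest(token):
    """Hash the token so the stored value cannot be replayed if it leaks."""
    return hashlib.sha256(token.encode()).hexdigest()


def issue_magic_link(email, now=None):
    """Create the single-use link that would be e-mailed to the user."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    PENDING[_digest(token)] = (email, now + TOKEN_TTL)
    return f"{BASE_URL}?token={token}"


def redeem_magic_link(url, now=None):
    """Return the e-mail address the link logs in, or None if it is rejected."""
    now = time.time() if now is None else now
    values = parse_qs(urlparse(url).query).get("token", [])
    if len(values) != 1:
        return None  # missing or duplicated token parameter
    # pop() removes the record on first use, so a replayed link fails.
    record = PENDING.pop(_digest(values[0]), None)
    if record is None:
        return None  # unknown, forged or already used token
    email, expires_at = record
    if now > expires_at:
        return None  # link expired before it was clicked
    return email


if __name__ == "__main__":
    link = issue_magic_link("alice@example.com")  # constructed sample address
    print(redeem_magic_link(link))  # first click succeeds
    print(redeem_magic_link(link))  # second click is rejected
```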

Is passwordless biometric authentication safe?

Whether passwordless authentication is safe depends on your definition of safety.

If safety means it is harder to hack and there are fewer vulnerabilities than regular passwords, then it can be said that passwordless authentication is safe.

If safety means it can’t be hacked, we have to say that no authentication method can prevent hacking 100%.

However, passwordless authentication is much safer than using a password and is becoming more and more popular nowadays.

Advantages and disadvantages of passwordless authentication

Advantages

Greater security: It is known that passwords are one of the major weak points in computer systems and they are the first target of attackers.

Better user experience: You don’t need to set complicated or repetitive passwords. Moreover, you don’t need to reset your password periodically to guard against password leaks.

Reduced IT costs: Since it is unnecessary to store passwords in the database, a password policy is not required.

Disadvantages

High implementation costs: Passwordless authentication can save costs in the long term, but modifying the system for the first time is expensive, both in development and implementation work and in the required equipment.

Training needed: Using passwordless authentication is different from using normal passwords or PINs. Therefore, training is required for both IT teams and end users.

Equipment maintenance: If you lose your mobile phone or hardware token, you will not be able to verify your identity. (Currently, you can use a recovery code to solve this problem.)

Sources:

https://www.onelogin.com/learn/passwordless-authentication

https://en.wikipedia.org/wiki/Passwordless_authentication

https://www.microsoft.com/th-th/security/business/solutions/passwordless-authentication
