Passwordless MFA Goes Mainstream
Michael Rothschild, HYPR
June 21, 2022
Apple has announced that it’s “killing the password” when it comes to authentication. This follows an announcement in May in which tech giants including Apple, Google and Microsoft each committed to expanded support for the FIDO standard to accelerate the availability of passwordless sign-ins. For a very long time, access to endpoint devices, applications and data has been anchored by a password. Using password-based authentication is perhaps one of the biggest vulnerabilities out there today. The long history of breaches that include personally identifiable information (PII), corporate data, and access to highly sensitive systems such as critical infrastructure can usually be traced back to a compromised password.
Of course, this is not surprising, since the password was never designed to safeguard systems, data or environments; it began life as a way to reserve time on mainframe computers. The fact that we’ve leveraged a string of letters, numbers and characters for authentication amounted to a recipe for disaster from the beginning. Adding layers of security on top (think of one-time passwords, etc.) did not fix this shaky foundation and mostly just added friction to a system. The time has arrived for us to reexamine this paradigm and finally eliminate the gaping vulnerabilities it creates.
What This Means for Businesses
Apple’s anticipated roll-out of “Passkey” brings strong acknowledgement that FIDO-based passwordless MFA supports real security for the authentication process. Nevertheless, enterprises should heed a cautionary footnote. Passkey and similar solutions can help solve a password-laden process, but they are optimized for consumers and are not built to scale across an organization. They cannot address the numerous implementation, security and privacy functions that enterprises require from an authentication solution. For organizations to truly go passwordless, they need a passwordless authentication solution that scales from desktop to cloud across all their use cases, including endpoints, applications, servers, remote access, data, and more. Organizations also cannot be locked into a specific platform or vendor ecosystem.
The Time for Passwordless Is Now
Removing the password from the authentication process is a huge step forward in ensuring the security and integrity of the process by tying it to an individual rather than a device or an easily defeatable string of characters. So what is the significance of the announcement from Apple, Google and Microsoft? As we’ve seen throughout the history of technology adoption, early adopters are the trailblazers when it comes to implementing new technology. They are the “advanced beta customers” that adopt emerging technologies to replace legacy systems that were either outdated or never worked as advertised. With this announcement, passwordless MFA officially moves past the early adopter phase into the full adoption phase where individuals and businesses are inspired to fully embrace a better way of securing what matters most.
We are in a period of history where virtually everything and everyone is somehow tied to technology. With this fact also comes the increased reliance on the security and integrity of our systems amid an increased threat of risk, vulnerabilities and attacks. Our ability to mainstream an advanced, highly secure and seamless way of true authentication raises the tide of security for individuals, organizations and our digital society. And now that tech giants are in full support of “passwordless,” shouldn’t you be?
Wondering how to evaluate what is most important in a passwordless MFA solution, and how to separate fact from fiction? Check out the Passwordless Security Evaluation Guide.