Security and convenience - those two words can hardly be found in the same sentence. Being a balancing act, there is constant fight between IT operations and IT security, between those that have to maintain users happy and those that are trying to protect their enterprise from breaches. And still, at one of the most prominent places for both, the users and the attackers, right at the desktop which remains the entry door into all our IT systems, they do neither please their users nor do they stop credential based attacks successfully…isn’t that weird?
Nobody is happy with the current state of authentication. Companies aren’t happy with the level of security they have. Users aren’t happy with the inconvenience and complexity. What’s the point of giving users a terrible experience that barely protects the system they’re accessing?
Everybody is talking about Passwordless Authentication as it sounds pretty simple and straight forward but how is that secure? What does passwordless really mean and what other authentication factors are required to achieve what used to be called strong authentication? Is passwordless just another hype or do we need to replace all existing, password based MFA solutions that have been introduced over the past decade or two? And finally, how convenient can passwordless authentication really be?