Good security gets out of the way of users while getting in the way of adversaries. Passwords fail on both accounts. Users feel the pain of adhering to complex password policies. Adversaries simply copy, break, or brute-force their way in. Why, then, have we spent decades with passwords as the primary factor for authentication?
The industry needs to trust passwordless authentication (FIDO2). Adversaries and then criminals have circumvented our authentication controls for decades. From the very first theft of cleartext passwords to the very latest bypass of a second-factor, time and again improvements in defenses are met with improved attacks.
What holds us back from getting rid of passwords? Trust. In this session, we will propose a framework of technical controls to ensure only trusted sessions authenticate, regardless of faults or failures in any one factor, and to reassess based on shared signals (CAEP). We will share a path forward for increasing trust in passwordless authentication.
Cash.App is the #1 financial app in the US. It started out with a password-less authentication paradigm back in 2013, built around OTP verifications. We are now transitioning to the next generation password-less experience built around passkey. While the transition offers many promises, the path comes with several challenges, around security guarantees, backward compatibility and seamless user experience. We share insights we learned along the journey.
As long as passwords exist, enterprises are vulnerable to account takeover attacks –yet organizations looking to eliminate passwords may not know where to begin their passwordless journey. While passwordless authentication methods—especially those based on FIDO2—are widely available, they are not yet universally supported nor adopted. This lack of a universal approach can cause confusion and complacency—or both. Attend this session to learn why (and how) organizations should move away from passwords and legacy MFA to advance to and adopt a secure passwordless strategy centered on phishing-resistant MFA in 2023
This session will provide an overview of the market for Passwordless Authentication products and services and will present a compass to help you to find the Passwordless Authentication product or service that best meets your customers, partners, or workforce needs. KuppingerCole´s Alejandro Leal recently published a Leadership Compass for Passwordless Authentication and examined the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing Passwordless Authentication solutions.