How startups can go passwordless, thanks to zero trust – TechCrunch

“There is no doubt that over time, people are going to rely less and less on passwords… they just don’t meet the challenge for anything you really want to secure,” said Bill Gates. That was 17 years ago. Although passwords have lost some of their charms, they have so far survived many attempts to kill them for good.

The perception of high cost and tricky implementation has kept some smaller businesses from ditching passwords. But alternatives to passwords are affordable, easy to implement, and safer, according to industry insights gathered by Extra Crunch. The move to zero trust systems is acting as a catalyst.

First, a primer. Zero trust focuses on who you are, not where you are. Zero trust models require companies to never trust any attempt to access their network and to verify every attempt, even logins from inside the network. Passwordless tech is a vital part of zero trust models.

There are several alternatives to passwords, including:

  • Biometric authentication: widely used as fingerprint readers in smartphones and physical verification points at buildings;
  • Social media authentication: where you use your Google or Facebook IDs to authenticate you with a third-party service;
  • Multi-factor authentication: where more layers of authentication are added using devices or services, such as token authentication using a trusted device;
  • Grid authentication cards: which provide access while using a combination PIN;
  • Push notifications: which are usually sent to the user’s smartphones or encrypted devices;
  • Digital certificates: cryptographic files stored locally on the machine or device.

Wolt, a Finnish food-delivery site, is just one example of going passwordless. “The user registers by entering their email address or a phone number. Log in to the app takes place by clicking the temporary link in the user’s inbox. The app on the user’s mobile phone places an authentication cookie, which enables the user to continue from that device without having to go through any further authentication,” said Erka Koivunen, CISO at F-Secure.

In this case, the service provider is in complete control of the authentication, allowing it to set expiration time, revoke service and detect fraud. The service provider does not need to rely on users' diligence in looking after their passwords. Passwordless tech is not inherently costly but may take some adjustment, explained Ryan Weeks, CISO at managed service provider Datto.
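The emailed-link flow described above, sketched as an added example (it is not Wolt's code and does not come from the original article): the server issues a short-lived, single-use link, exchanges it for a device session, and can expire or revoke either at will. The class name, the TTL values and the `app.example` URL are assumptions made for illustration.

```python
import hashlib
import secrets
import time

LINK_TTL = 10 * 60               # assumed: emailed link is valid for 10 minutes
SESSION_TTL = 30 * 24 * 3600     # assumed: device session lasts 30 days


class MagicLinkAuth:
    """Server-side state for an emailed-link login (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # sha256(link token) -> (email, expires_at)
        self.sessions = {}   # sha256(session id) -> (email, expires_at)

    @staticmethod
    def _digest(value):
        # Only hashes are stored, so a leaked table cannot be replayed.
        return hashlib.sha256(value.encode()).hexdigest()

    def issue_link(self, email):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.pending[self._digest(token)] = (email, self.clock() + LINK_TTL)
        return f"https://app.example/login?token={token}"

    def redeem(self, token):
        # pop() makes the link single-use, even when it turns out to be expired.
        entry = self.pending.pop(self._digest(token), None)
        if entry is None or self.clock() > entry[1]:
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[self._digest(sid)] = (entry[0], self.clock() + SESSION_TTL)
        # The caller sets sid as a cookie with Secure, HttpOnly and SameSite.
        return sid

    def whoami(self, sid):
        entry = self.sessions.get(self._digest(sid))
        if entry is None or self.clock() > entry[1]:
            return None
        return entry[0]

    def revoke_user(self, email):
        # Provider-side revocation: drop unredeemed links and live sessions.
        for table in (self.pending, self.sessions):
            for key in [k for k, v in table.items() if v[0] == email]:
                del table[key]
```

The injectable `clock` lets expiry be exercised without waiting; a production service would also rate-limit `issue_link` per address and log redemptions for fraud detection.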

Gemma Broadhurst