
PodChats for FutureCIO: getting to passwordless authentication

by Allan Tan
June 8, 2021

A 2020 study commissioned by NordPass revealed that most people, on average, have about 100 passwords to remember. That number increased by 25% from 2019 and is attributed in part to the COVID-19 pandemic, with people doing more things online, and thereby introducing the necessity to generate new accounts.

Just how many of these 100 passwords are iterations of a few is up for speculation. The obvious danger of repeated use of the same or similar passwords is that one compromised password exposes the others exponentially.

In the digital era, customers are clamouring for easier, more seamless access to the services they subscribe to but expect no less than flawless protection of what private information they have given out.

They want the iPhone engagement experience but with the security of something akin to the protection detail that a country president might have. Sounds like wishful thinking? Maybe.

Andrew Shikiar, executive director at FIDO Alliance, acknowledged this to be a challenge: It comes down to integrity, security, and usability. He opined that the way passwords are implemented and used today presents a challenge to making this possible.

Acceleration – the hallmark of COVID-19

Shikiar noted that before 2020, digital transformation was a vague concept with a lot of consulting hours being poured into it. Organisations would have a four-year or five-year plan outlined on a whiteboard.

“COVID-19 compressed that four-year timeframe into a four-month timeframe, where all of a sudden, everyone had to figure out how to secure their workforce,” he opined. For a bank, he continued, the new imperative in 2020 was getting branch-only customers to move online.

“But it was not only the businesses that noticed this, the hackers did as well. The result is a massive spike in cyberattacks, between February and April 2020. What we saw is that the rapid need to harden all the infrastructure associated with online communications was accelerated with COVID-19,” he commented.

The core problem of passwords and authentication

Shikiar was quick to point out that password protection is a risk because the passwords sit inside a server. This, he countered, is a shared secret.

“Anything on a server can eventually be stolen — or can be manipulated out of someone's hand,” he continued.

Stolen credentials that find their way into the dark web can be programmatically stuffed into bots that are then used to attempt to log in to more sites. Shikiar notes that this approach has a high success rate that costs billions of dollars per year.

“It's this kind of self-perpetuating cycle because that leads to more credentials being stolen through that process,” he continued.

“The fundamental problem is that this dependency on the server-side, shared secrets such as passwords, will only perpetuate as long as we're dependent on that methodology to secure users,” he added.

He believed that while passwords are the weakest form of user authentication, anything that is not possession-based, that is put on a server that requires verification, can also be manipulated. He cited the well-covered story of how SMS as a two-factor authentication method is insecure.

“What we need to do is move the world away from this model of centralised authentication based on shared secrets to one that is more possession-based where you are logging into the device in your hand, either by using a biometric or just by proving possession of a device or even entering a pin, something that's not transmitted over the internet. By logging in locally, only you or someone in possession of his/her device can log in,” he suggested.
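
A simplified model of the possession-based login described above, as an added example that is not from the article or the FIDO Alliance: the server keeps only a public key, the PIN is checked on the device, and each login signs a fresh challenge. The names (`createAuthenticator`, `Server`, `runDemo`), the sample user and the PINs are assumptions, and this is not the FIDO/WebAuthn message format.

```javascript
const nodeCrypto = require('node:crypto');

// Device side (constructed model): the key pair is created on the device and
// the private key stays in this closure. The PIN is checked locally only.
function createAuthenticator(pin) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign(challenge, enteredPin) {
      if (enteredPin !== pin) throw new Error('local unlock failed');
      return nodeCrypto.sign(null, challenge, privateKey);
    },
  };
}

// Server side: holds public keys and outstanding challenges, no shared secret.
class Server {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is valid for one attempt
    const pem = this.publicKeys.get(user);
    if (!challenge || !pem) return false;
    return nodeCrypto.verify(null, challenge, pem, signature);
  }
}

function runDemo() {
  const device = createAuthenticator('4821'); // constructed sample PIN
  const server = new Server();
  server.register('alice', device.publicKeyPem);
  const sig = device.sign(server.newChallenge('alice'), '4821');
  const login = server.verify('alice', sig);
  server.newChallenge('alice'); // fresh challenge; the old response is replayed
  const replay = server.verify('alice', sig);
  // Someone holding only the server's records has no private key to sign with.
  const other = createAuthenticator('0000');
  const wrongKey = server.verify('alice', other.sign(server.newChallenge('alice'), '0000'));
  let wrongPinRefused = false;
  try { device.sign(server.newChallenge('alice'), '9999'); } catch (e) { wrongPinRefused = true; }
  return { login, replay, wrongKey, wrongPinRefused };
}
```

`runDemo()` returns `{ login: true, replay: false, wrongKey: false, wrongPinRefused: true }`: what the server stores is enough to verify a login but not to perform one.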

Transitioning to a passwordless authentication environment

Start with a password strategy, opined Shikiar. The CIO needs to identify which systems (applications) are dependent on passwords and start prioritising a passwordless approach to authentication.

Click on the podchat player to listen to Shikiar’s perspective on how passwordless authentication can be implemented.

  1. Why is authentication the cornerstone of digital transformation?
  2. How has COVID-19 accelerated the need to secure our devices, and what are some of the challenges that organisations face in doing so?
  3. What are the risks of relying on passwords for authentication?
  4. Where do we stand with passwordless authentication today?
  5. What needs to happen for businesses and users to adopt passwordless authentication?
    1. What is the investment cost to adopt FIDO authentication?
  6. How can an organisation safely transition to passwordless authentication?
  7. Who should own the deployment and adoption of passwordless authentication?
  8. What questions should leadership and the Board ask their CIO with regards to passwordless authentication?
Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous Roles

He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl
