PodChats for FutureCISO: Taking passwordless authentication mainstream

by Allan Tan
October 10, 2022

For most of our online lives, our accounts are protected by a username and password. These protect the data stored in our accounts, including financial, personal and pretty much anything we value both digitally and physically.

As there are many ways to achieve a goal, so too we’ve discovered over the years that cybercriminals are more than happy to expend the effort to hack into our accounts – everything from brute force attacks to outright stealing our passwords through social engineering techniques.

Can we go passwordless? The quest for a passwordless authentication solution is forecast to reach US$53.64 billion by 2030. According to the State of Global Enterprise Authentication report by Yubico, 59% of employees surveyed in the study still rely on usernames and passwords as their primary method of authenticating into their accounts.

Primary way(s) businesses authenticate into their accounts
Source: 2022 State of Global Enterprise Authentication, Yubico

Gartner principal analyst, Swati Rakheja, says passwords have persisted primarily due to being free and highly ubiquitous in many enterprise systems. She acknowledged that passwords have long been proven insecure.

“Issues such as poor memorability of passwords, weak or reused passwords, password storage, phishing, social engineering and brute-force attacks persist with the use of passwords.”

Swati Rakheja

Geoff Schomburgk, vice president for APJ at Yubico, defines passwordless authentication as any login process that doesn’t require the user to enter a password.

Rakheja says passwordless authentication may leverage public key cryptography to provide a stronger mechanism to authenticate a user. She acknowledged the expanding use of passwordless options particularly in online applications and SSO providers but noted that enterprise implementations remain nascent.

In 2011, Google and Yubico invented the Fast Identity Online (FIDO) standard to provide universal second-factor authentication. This partnership evolved to become the FIDO Alliance. In 2021, Microsoft made passwordless authentication, based on the FIDO2 standard, available for accessing Microsoft accounts.

Today, the FIDO Alliance includes players like Identity Access Management (IAM) vendors, Virtual Private Network (VPN) vendors and others who are all providing their support for the FIDO2 standard.

Driving interest to go passwordless

Continuing high-profile cyberattacks, such as those on Colonial Pipeline in the US, SingHealth in Singapore, the Shangri-La hotel chain in Hong Kong, and Optus in Australia, all suggest that enterprises and consumers remain vulnerable.

Schomburgk says cyberattacks persist because of lax security habits and the inconvenience of current authentication practices.

He notes that over 80% of data breaches are a result of stolen or compromised credentials – username and password. With an average user having at least 100 different online accounts, each with its own user ID and password and different requirements to change passwords, managing these quickly becomes challenging.

“If we can provide a secure solution, but also easy, where we don’t need to use or don’t need to rely on the password, then that will drive adoption,” opined Schomburgk.

Passwordless and zero trust

Software supply chains have become a new attack vector. In a VentureBeat article, Janet Worthington, senior analyst at Forrester, explains that a software supply chain attack occurs when a customer installs or downloads compromised software from a vendor, and an attacker leverages the compromised software to breach the customer’s organisation.

Geoff Schomburgk

“Adopting zero-trust principles with all software including third-party software can help to mitigate the risk of a supply chain attack,” he added.

Schomburgk claims that the application of passwordless authentication is one of the easiest things to implement when it comes to zero trust.

“In a zero-trust world, your login is your front door. Criminals don’t break in, they log in! When it comes to zero trust, the simplest way of doing that is to make strong authentication at that front door and make the strongest level of security so that you protect that front door. The best way to do that is like what you do in your house, use a physical key, a security key like a YubiKey.”

Geoff Schomburgk

Is passwordless authentication ready today?

Schomburgk believes passwordless authentication is a medium-term proposition, with the next two to three years needed before it can become mainstream.

He pointed to Microsoft’s implementation of passwordless on its Azure platform. The 2022 announcement by Google and Apple of support for FIDO2 will push passwordless adoption further. The partnership between the FIDO Alliance and the World Wide Web Consortium (W3C) aims to standardise FIDO Authentication for the entire web platform.

Making passwordless mainstream

For passwordless to become mainstream, supply and demand must meet in the middle. He says the supply side – the ecosystem of developers, standards bodies, etc – is already making it available.

He acknowledged that much needs to happen on the demand side. He cited the recent effort by the Biden Administration in the US to mandate the use of phishing-resistant authentication for all government agencies. This could mean a smart card or FIDO2 standard.

“Anyone doing business with someone doing business with the US government will then also be required to. That will facilitate adoption from the user side,” he posited.

He conceded that not everywhere is ready to mandate or enforce this. “We see many of the government recommending bodies for security, encouraging it or stating it as best practice or it’s highly recommended,” he added.

The CISO/CIO and passwordless

Security is important. “We need to be as strong as possible to be phishing resistant and as preventative as possible. Zero trust is another example of trying to prevent bad things from happening as much as possible. But adoption is key,” said Schomburgk.

He suggested starting with organisations that require the highest level of security and giving them the convenience of making it easy to do their job. “It is about this adoption and transforming how they do their business to make it easier. This convenience will then kick in, and it’ll start to filter through,” he continued.

Schomburgk says education is a critical part of the CISO’s role to help employees understand that they are doing this for a good reason, but will it be easy for them as well?

“From a CISO’s point of view, framing that understanding of the human dynamics, making sure that people understand and are educated on why they’re doing it, and the level of information that must be protected in the organisation. These are all factors that I think can be considered,” he concluded.

Click on the PodChat player and listen to Schomburgk elaborate on the options organisations have to integrate passwordless authentication as part of their security framework.
  1. Before we dive into our topic, perhaps you can tell our audience what Yubico is all about.
  2. Please describe the passwordless security landscape in 2022.
  3. What is driving interest in passwordless security?
  4. How do you apply passwordless security efforts to the zero-trust initiative?
  5. Is passwordless security a long way off from becoming mainstream?
  6. What needs to happen for passwordless security to become part of everyday computing needs?
  7. For the CIO/CISO in terms of reframing their security strategy to incorporate passwordless security?
Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl
