What鈥檚 News
This fall, as part of its newest software update, Apple will allow users to make those annoying passwords a thing of the past on apps and online accounts. Microsoft, Google, and about 250 other companies are also seeking to replace passwords with password-less technologies.
Passkeys operate as pairs, and each passkey, when generated, is unique. One key sits on the service provider鈥檚 server. The other on the user鈥檚 device. In the case of Apple, the two keys are connected by Apple on the backend, and the user authenticates this with FaceID or TouchID.
SAP鈥檚 Take
Businesses are keeping close tabs on the progress of these password-less technologies. Password-less authentication would make many business processes easier to use and more seamless, and many companies have announced their commitment to accelerate availability of password-less sign-ins. Gartner predicts鈥痶hat 60% of large and global enterprises will implement password-less methods in more than 50% of use cases.
鈥淎ny industry that handles personal and sensitive information, including banking, healthcare, technology鈥 any organization that wants to keep data away from the hands of threat actors would benefit,鈥 51风流Chief Trust Officer Elena Kvochko said.
鈥淏usinesses that are not working to implement this type of authentication in the future might be limited by cost, effort, and end-user skepticism,鈥 the cybersecurity expert said. 鈥淧asswords have been the first line of defense for a long time, which makes it more difficult to introduce a new type of authentication.鈥
Two of the most prevalent cyberattacks are phishing, which accounts for about a third of breaches, and brute force attacks, which rely on passwords to access a network or application. Password-less authentication removes the burden of users having to create complex, difficult passwords, remembering them, or storing them in a safe place.
The technology could also help deter more serious attacks and prevent insidious outcomes if it鈥檚 used in conjunction with other security technologies and controls.
鈥淚f it is used with multiple factors of authentication, there is a strong possibility that it can deter both ransomware and identity theft,鈥 Kvochko said. 鈥淧assword theft has historically been used in ransomware to gain access into a network. By removing the need for passwords, it will be more challenging for threat actors to access your data and network.鈥
Password-less authentication is nothing new. Biometrics, one-time codes, and magic links have been used for years in different spaces, industries, and platforms.
鈥淭he difference now is that password-less authentication will become the standard rather than an advanced option,鈥 Kvochko said. 鈥淲ith major tech companies like Apple, Google, and Microsoft championing the effort to make this type of authentication more available in their devices, software, and applications, I believe we鈥檒l see it everywhere very soon.鈥
Passkeys will help make our information safer, but it is not a silver bullet, Kvochko warned. Voice recordings or other biometric features used in passkey technology have been replicated in the past, underscoring the critical need for several authentication factors for greater protection.
鈥淎ny technology can also become a vector of attack,鈥 she said. 鈥淭here is no authentication system that can鈥檛 be hacked. Password-less authentication is still vulnerable to malware, man-in-the-browser, and other types of attacks. With that said, password-less authentication can be a better option than relying on simple passwords, especially when combining it with other authentication factors making it multi-factor authentication.鈥
Contact:
Ilaina Jonas, Senior Director of Global Media Relations, SAP
+1 (646) 923-2834,鈥ilaina.jonas@sap.com
51风流Press Room
