IDG Blog | Is ‘password-free security’ possible?

In the days when password configuration was simple, passwords were a necessary headache. But with more than 15 billion credentials traded on the dark web, keeping passwords secure has become a science project.

Many experts advise that passwords consist of at least 12 random characters, and that a password used on one site should not be reused on another. Because no one can remember a separate password for every site, services such as password managers have appeared. But these password manager apps are themselves protected by a password.

No one hates passwords as much as a website operator. In a poll of 1,000 users conducted by personal information management startup Beyond Identity, two-thirds said they had stopped creating new accounts because of new password settings. Three-quarters had given up on a purchase because of password reset issues.

Can you get rid of all passwords? The good news is that many companies are investing a lot of time and money in developing ways to get rid of them. The bad news is that, despite this, passwords have not completely gone away.


The leading solution, ‘OAuth’, is not easy to roll out everywhere

Leading companies are steadily developing solutions that do not require passwords. Identity and access management companies like Okta, Ping Identity, OneLogin, and Cisco offer enterprise services that allow password-less access to pre-approved sites. A password is still required to use the service itself, but once you are approved, you are free of passwords. On the downside, sites for non-business use, such as banks or Netflix, are not on the list of approved sites.

Most ordinary users rely on OAuth. It is an open protocol that lets you sign in to other sites with your login from a trusted site such as Facebook, Google, or Apple instead of creating a new account. OAuth is a safe and easy-to-use solution on the premise that you only log in to an authenticated server. But from a website administrator’s point of view, it’s a little different.

“OAuth is cryptographically secure, but it’s quite difficult for website administrators to get it right,” said Jane Bond, head of product management at Keeper Security. “You have to be aware of all the fixes and versions, and sometimes the necessary information is not in the setup guide. They are using the security technology, but they may have misconfigured it.” It is for this reason that many small business owners’ sites do not use OAuth.


Solutions that pop up all over the place… We need a ‘standard’

Microsoft is the latest to jump into this space. In September, Microsoft introduced a feature that allows you to log in to your Microsoft account without entering a password. However, this feature did not fundamentally eliminate logins. This is because it requires a sign-in with the Microsoft Authenticator app or other means, and it still only works with a Microsoft account.

A bigger problem is that OAuth and many other solutions coexist in the password management market. Because of the lack of a single standard, users still rely on password managers, authentication apps (I use three), biometric controls, and text codes.

Many startups are taking on the challenge of solving this problem. Magic Labs uses public and private keys generated on the Ethereum blockchain, and Secret Double Octopus is known to use technology that protects nuclear launch codes. Transmit Security, which recently raised $543 million in investment, uses biometric information to authenticate users between devices. Beyond Identity raised $100 million in investment with a technology that stores public and cryptographic keys on a site using the TPM installed in a computer or smartphone.

“If you have an account, you can log in without a password,” said Jin Goo, product marketing manager for Beyond Identity. “The user gives them an email address, and Beyond Identity sends an email and creates a binding.”

The challenge facing identity management companies is selling their solutions to website operators. The more competitors there are, the harder it is to win target users. “With so many websites on the Internet, password-free security is difficult to achieve,” Bond said. “Establishing a standard is a faster way than competing between companies.”

Until the day when ‘password-free security’ is realized, users must protect themselves. Invest some money in a password manager program, follow the 12 random character rule, and enable multi-factor authentication on sensitive accounts. It may be a hassle, but if you have ever had your personal information exposed to risk, you will understand that it is worthwhile.


Source: ITWorld Korea by www.itworld.co.kr.
