Why Is Password-Only Authentication a Security Risk?
Qwerty. 12345. Password. Many people are not good at coming up with strong passwords, and even more reuse the same password across services, so one breached site hands attackers working credentials for many others. Short or common passwords can also be cracked by brute force. But the fundamental weakness of password-only authentication is that it is single-factor: whoever learns the password, by whatever means, gets in. Two-factor authentication adds a second layer of defense by requiring the user to present both something they know (a password) and something they have (a phone or a hardware token), so a leaked password on its own is no longer enough.
How Does Password Spraying Work?
Attackers repeatedly attempt to compromise password-only accounts, especially on internet-exposed services such as webmail, VPN gateways and single sign-on portals. In a password spray the attacker takes a list of likely usernames and tries a small number of common passwords ("Summer2024!", "Password1") against every account, one password at a time, rather than hammering a single account with millions of guesses. Spreading the attempts across many accounts keeps each account below its lockout threshold and makes the traffic look like ordinary failed logins, so the classic per-account lockout never fires. With enough accounts, the odds that at least one user chose one of those passwords are good. The tactic is often called "spray and pray".
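Because a spray stays under the per-account lockout, the useful detection key is the source address, not the account: one source failing against many different usernames in a short window. The following Go program is an added example written for this page, not code from the original article or from any vendor; the log line format, the thresholds (four distinct accounts in ten minutes) and the sample lines are all constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// AuthEvent is one parsed authentication attempt.
type AuthEvent struct {
	Time        time.Time
	User, SrcIP string
	Failed      bool
}

// sampleLog is constructed for this example; its "<RFC3339 time> user=<name>
// src=<ip> result=<ok|fail>" format is an assumption, not a real product's log.
// 203.0.113.7 sprays one guess across six accounts (and gets into dave),
// 198.51.100.9 hammers alice, and 192.0.2.5 is a user who mistyped once.
const sampleLog = `2024-05-01T09:00:01Z user=alice src=203.0.113.7 result=fail
2024-05-01T09:00:03Z user=bob src=203.0.113.7 result=fail
2024-05-01T09:00:05Z user=carol src=203.0.113.7 result=fail
2024-05-01T09:00:07Z user=dave src=203.0.113.7 result=ok
2024-05-01T09:00:09Z user=erin src=203.0.113.7 result=fail
2024-05-01T09:00:11Z user=frank src=203.0.113.7 result=fail
2024-05-01T09:01:00Z user=alice src=198.51.100.9 result=fail
2024-05-01T09:01:01Z user=alice src=198.51.100.9 result=fail
2024-05-01T09:02:30Z user=grace src=192.0.2.5 result=fail
2024-05-01T09:02:40Z user=grace src=192.0.2.5 result=ok`

// ParseAuthLog turns the constructed log format into events.
func ParseAuthLog(raw string) ([]AuthEvent, error) {
	var events []AuthEvent
	for _, line := range strings.Split(raw, "\n") {
		var ts, user, src, result string
		if _, err := fmt.Sscanf(line, "%s user=%s src=%s result=%s", &ts, &user, &src, &result); err != nil {
			return nil, fmt.Errorf("malformed line %q: %v", line, err)
		}
		t, err := time.Parse(time.RFC3339, ts)
		if err != nil {
			return nil, err
		}
		events = append(events, AuthEvent{Time: t, User: user, SrcIP: src, Failed: result != "ok"})
	}
	return events, nil
}

// SprayingSources flags each source whose failed logins touch at least minUsers
// distinct accounts inside some window of the given length, mapping it to the
// largest distinct-account count seen. Per-account lockout never fires on these.
func SprayingSources(events []AuthEvent, window time.Duration, minUsers int) map[string]int {
	bySrc := map[string][]AuthEvent{}
	for _, e := range events {
		if e.Failed {
			bySrc[e.SrcIP] = append(bySrc[e.SrcIP], e)
		}
	}
	hits := map[string]int{}
	for src, evs := range bySrc {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Time.Before(evs[j].Time) })
		best := 0
		for i := range evs { // a window starting at each failure
			users := map[string]bool{}
			for j := i; j < len(evs) && evs[j].Time.Sub(evs[i].Time) <= window; j++ {
				users[evs[j].User] = true
			}
			if len(users) > best {
				best = len(users)
			}
		}
		if best >= minUsers {
			hits[src] = best
		}
	}
	return hits
}

// CompromisedBySpray lists accounts a flagged source then logged into successfully.
func CompromisedBySpray(events []AuthEvent, sprayers map[string]int) []string {
	seen := map[string]bool{}
	for _, e := range events {
		if _, flagged := sprayers[e.SrcIP]; flagged && !e.Failed {
			seen[e.User] = true
		}
	}
	var users []string
	for u := range seen {
		users = append(users, u)
	}
	sort.Strings(users)
	return users
}

func main() {
	events, err := ParseAuthLog(sampleLog)
	if err != nil { panic(err) }
	sprayers := SprayingSources(events, 10*time.Minute, 4)
	fmt.Println("spraying sources:", sprayers, "accounts entered:", CompromisedBySpray(events, sprayers))
}
```

Run against the sample, the detector flags 203.0.113.7 (five distinct accounts failed within seconds) and reports that the same source then signed in as dave, which is the account to reset first; the source hammering alice is left for the ordinary per-account rule. In production the window and threshold need tuning, and sprays that rotate through a proxy pool must be keyed on something other than a single IP, such as a user-agent string or an ASN.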
How Can an Organization Prepare for a Passwordless World?
Start by putting two-factor authentication in place. The infrastructure you build for it (an identity provider, device enrollment, recovery procedures) is the same foundation that passwordless sign-in needs, and rolling it out teaches you where your authentication flows actually run. Then learn the industry standards that replace passwords outright: FIDO2 and WebAuthn define how a browser or app authenticates with a cryptographic key instead of a shared secret, and hardware such as a trusted platform module (TPM) or a security key keeps that key from being copied off the device.
What Is a Passkey and How Does It Work?
A passkey is not a PIN; it is a cryptographic credential built on a public-private key pair. When a user registers, their device (a phone, a laptop or a security key) generates a key pair for that particular site: the private key stays on the device, protected by the device's local unlock (a PIN or a biometric), and only the public key is sent to the service. To sign in, the service sends a random challenge, the device signs it with the private key after the local unlock, and the service verifies the signature with the stored public key. Nothing reusable crosses the network and nothing secret sits on the server, so a passkey cannot be sprayed, replayed or stolen in a database breach the way a password can, and because the credential is bound to the site that created it, a look-alike domain gets no signature at all. With passkeys, multi-factor authentication and the passwordless sign-in standards behind them maturing, a passwordless world could be near.
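The following Go program is an added example written for this page, not code from the original article or from the FIDO specifications; it implements the challenge-response described above with a P-256 ECDSA key pair. It keeps the core of the WebAuthn flow (register a public key, sign a one-time server challenge bound to the site, verify with the stored public key) and assumes simplifications: a plain PIN check stands in for the device's local unlock, the signed data is just the site name and the challenge rather than WebAuthn's full authenticator data, and the names example.com, alice and the PIN 1234 are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Assertion is what the authenticator hands back for one sign-in; it holds no secret.
type Assertion struct {
	RPID      string
	Challenge []byte
	Signature []byte
}

// Authenticator models the user's device. The private key is generated here and never
// leaves; a plain PIN check stands in for the device's local unlock (an assumption).
type Authenticator struct {
	rpID, pin string
	priv      *ecdsa.PrivateKey
}

func NewAuthenticator(rpID, pin string) (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{rpID: rpID, pin: pin, priv: priv}, nil
}

// PublicKey is the only key material the relying party ever receives.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.priv.PublicKey }

// signedData binds a signature to the site and the fresh challenge (simplified from WebAuthn).
func signedData(rpID string, challenge []byte) []byte {
	sum := sha256.Sum256(append([]byte(rpID+"\x00"), challenge...))
	return sum[:]
}

// Assert signs a challenge for the site the user is actually on; a look-alike domain gets nothing.
func (a *Authenticator) Assert(origin string, challenge []byte, pin string) (Assertion, error) {
	if origin != a.rpID {
		return Assertion{}, fmt.Errorf("no passkey for %q; this one is scoped to %q", origin, a.rpID)
	}
	if pin != a.pin {
		return Assertion{}, fmt.Errorf("user verification failed")
	}
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, signedData(a.rpID, challenge))
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{RPID: a.rpID, Challenge: challenge, Signature: sig}, nil
}

// RelyingParty models the server: public keys and outstanding challenges only, nothing secret.
type RelyingParty struct {
	id      string
	pubs    map[string]*ecdsa.PublicKey
	pending map[string][]byte
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{id: id, pubs: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

func (rp *RelyingParty) Register(user string, pub *ecdsa.PublicKey) { rp.pubs[user] = pub }

// Challenge issues 32 fresh random bytes; each one can be answered exactly once.
func (rp *RelyingParty) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[user] = c
	return c, nil
}

// Verify checks the signature with the stored public key and consumes the challenge,
// so a captured assertion cannot be replayed.
func (rp *RelyingParty) Verify(user string, as Assertion) bool {
	pub, ok := rp.pubs[user]
	want, issued := rp.pending[user]
	if !ok || !issued || as.RPID != rp.id || string(as.Challenge) != string(want) {
		return false
	}
	delete(rp.pending, user)
	return ecdsa.VerifyASN1(pub, signedData(rp.id, as.Challenge), as.Signature)
}

func main() {
	rp := NewRelyingParty("example.com")
	auth, _ := NewAuthenticator("example.com", "1234")
	rp.Register("alice", auth.PublicKey())
	ch, _ := rp.Challenge("alice")
	as, _ := auth.Assert("example.com", ch, "1234")
	fmt.Println("first use:", rp.Verify("alice", as), "replay:", rp.Verify("alice", as))
}
```

Three properties of the text are visible in the code: the server table holds only public keys, so there is nothing to spray or to steal; the challenge is consumed on first use, so a recorded assertion is worthless; and Assert refuses any origin other than the one the passkey was created for, which is what makes the credential phishing-resistant. Real WebAuthn additionally signs a signature counter and flags describing the user-verification method, which this example omits.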