Aug 22 2023

How Organizations Can Prepare for Passwordless Authentication

The password has survived previous predictions of its demise, but the end seems near at last. Here’s how to prepare for what’s next.

What’s Prompting Experts to Predict the Demise of Passwords?

You’ve heard it before. Cybersecurity experts have anticipated the end of passwords for almost as long as passwords have been around. But this time, especially as most organizations move to two-factor authentication, which is an intermediate step to passwordless security, the end really does seem near. Meanwhile, tech giants Google, Apple and Microsoft recently announced efforts to support passwordless sign-in standards set by the FIDO Alliance and the World Wide Web Consortium. That could give passwords a final shove out the door.

Why Is Password-Only Authentication a Security Risk?

Qwerty. 12345. Password. Many people aren’t good at coming up with strong passwords, and even more may reuse passwords for multiple services. Hackers can crack passwords through brute force. But the biggest risk with password-only authentication is that it relies on a single factor. Two-factor authentication resolves this with a second layer of defense, forcing users to confirm both something they know (a password) and something they have (a cellphone).

How Does Password Spraying Work?

Attackers repeatedly attempt to compromise password-only accounts, especially internet-exposed services. They’ll use a list of common usernames and passwords in hopes of finding a match. Then they will “hope and spray” millions of passwords to try to find one that works.
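As an added example (not part of the original article), the sketch below shows how a defender might spot this pattern in authentication logs: one source failing logins against many different accounts within a short window. The log format, addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format): timestamp, source IP, username, result
SAMPLE_LOG = """\
2023-08-22T09:00:01 203.0.113.7 alice FAIL
2023-08-22T09:00:03 203.0.113.7 bob FAIL
2023-08-22T09:00:05 203.0.113.7 carol FAIL
2023-08-22T09:00:07 203.0.113.7 dave FAIL
2023-08-22T09:00:09 203.0.113.7 erin FAIL
2023-08-22T09:00:11 203.0.113.7 frank OK
2023-08-22T09:01:00 198.51.100.4 alice FAIL
2023-08-22T09:01:20 198.51.100.4 alice FAIL
2023-08-22T09:01:45 198.51.100.4 alice OK
2023-08-22T09:30:00 192.0.2.9 bob FAIL
2023-08-22T11:30:00 192.0.2.9 carol FAIL
"""

def parse(log_text):
    """Yield (timestamp, source_ip, username, succeeded) for each log line."""
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources whose failed logins hit >= min_accounts distinct users in one window."""
    failures = defaultdict(list)   # ip -> [(timestamp, username)]
    successes = defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        (successes if ok else failures)[ip].append((ts, user))

    alerts = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge forward until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_accounts:
                first = events[start][0]
                review = sorted({u for t, u in successes[ip] if t >= first})
                alerts[ip] = {"targeted": sorted(users), "logins_to_review": review}
                break
    return alerts
```

A single user mistyping a password several times (the second source in the sample) does not trigger the alert, because the detector counts distinct accounts per source rather than total failures.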

How Can an Organization Prepare for a Passwordless World?

Start by putting two-factor authentication in place. That will require you to set up the necessary infrastructure and learn more about passwordless authentication. You can also learn about industry-standard services such as the Trusted Platform Module and FIDO, which offer strategies for replacing passwords.

What Is a Passkey and How Does It Work?

A passkey is typically a PIN that’s part of public-private key cryptography. It’s a private key that unlocks an account secured by a public key. A public key cryptographically linked to the private key is then verified, providing secure, passwordless authentication. With passkeys, multi-factor authentication and new passwordless sign-in standards, passwordless security could be near.
