Google, Apple, and Microsoft are going passwordless: is it safe enough?

Is biometric authentication safe enough without multi-device approval?

In the last decade, cybersecurity measures have evolved from single passwords to 2FA to MFA. Now, big companies like Google, Apple, and Microsoft promise to bring the world to fully passwordless authentication. 

These giant players claim they’re well on the way to equipping users with passwordless sign-on using FIDO-compliant biometrics. Of course, users who don’t have to bear the burden of cybersecurity are eager to ditch the hassle of passwords. And tech support teams are likely just as pleased with the prospect of no more password recovery calls jamming up their help desk queue.

Sure, there are superficial benefits, but CISOs should now ponder whether passwordless authentication is as secure as it promises to be. 

Let’s take a look at the top cyber trends for user login and authentication.


3 current cyber trends for user login and authentication

It makes sense that everyone wants to get rid of passwords. After all, 81% of recent hacks use stolen or weak passwords. But, are “passwords” the problem, or are login and authentication processes the problem? Also, why are companies still allowing users to set weak passwords? 

To understand the promises and risks of a passwordless future, here’s an overview of the current cyber trends for user login and authentication and their pros and cons.

Passwordless login

This type of authentication is exactly what it sounds like — logging into user accounts without entering a username and password. There are many forms of passwordless login, from biometrics scanning to physical tokens, digital tokens, proximity badges, and authentication apps.

Passwordless login pros and cons

| Pros | Cons |
| --- | --- |
| No password management for the user | Physical tokens can be lost |
| More difficult for phishing attacks | Digital tokens can still be stolen |
| Less upkeep for IT | Can be difficult to implement |

Biometrics

One of the common ways to implement passwordless login is with biometrics. In the past few years, most people have become used to using fingerprint scanners to access smartphones. There are also retina scanners, face recognition, voice recognition, and other types of biometric authentication.

Biometrics pros and cons

| Pros | Cons |
| --- | --- |
| User never loses credentials | If stolen, biometrics cannot be changed |
| Simplified user experience | Many biometric readers can be hacked |

SSO

Single sign-on (SSO) is an authentication management solution that allows users to log in once, creating an authorized session that grants access to multiple applications. Google, Apple, and Facebook have been using SSO features since 2019, and it’s becoming a more widespread solution offered by cybersecurity providers.

SSO pros and cons

| Pros | Cons |
| --- | --- |
| Users don’t have to remember multiple passwords | Initial login is still vulnerable to weak passwords |
| Multi-application UX is seamless | If breached, attackers have carte blanche access |
| Third-party providers can help manage security | SSO doesn’t inherently improve security |


Hacking concerns for the big boys

In recent months, major tech companies have promised to roll out passwordless solutions that they expect to become standard in all kinds of technologies, taking over other cyber trends. Passwordless has already been in the works for enterprise cybersecurity teams over the last several years. 

The security measure is intended to prevent phishing attacks, which pose a massive vulnerability for 2FA methods like SMS and one-time passcodes. Now, everyone hopes that passwordless features will tip from innovative to mainstream security.

There are some issues with the prospect of passwordless going mainstream, however. Surprised? You shouldn’t be. Hackers don’t just throw up their hands when new security solutions bar their attacks. Even (perhaps especially) the big boys like Microsoft and Google aren’t exempt from threat actors.

Microsoft has already been breached by the notorious Lapsus$ hacking group, which stole source code and leaked biometrics data. So has Okta, a leading SSO provider. And Windows Hello, a biometric authentication system for Windows 10, dealt with a vulnerability to biometric MFA bypass.

Large corporations often drive security advancements because of their vast resources. Clearly, these new advancements are not bulletproof. Not to mention, operating on a new zero-trust philosophy can become problematic when the largest, most centralized enterprise companies are the ones spearheading security for everyone else.


Do passwordless and SSO offer enough protection in today’s complex landscape?

Data breaches and hacks happen every day, compromising important information that was supposed to be secure. Despite the fact that Apple recently promised to implement more and better SSO features, attackers are not letting up.

Passwordless solutions like biometric authentication are surprisingly easy to trick. Fingerprint readers, for example, can be duped up to 80% of the time by using imprinted glue. And often, attackers find a way to bypass biometrics altogether.

There’s also the problem of social engineering. However secure passwordless login or SSO becomes, people can always present a vulnerability. Italian spyware managed to breach Android devices by baiting users into clicking malicious links.

Takeaways for cybersecurity in your company

Unfortunately, the task of ensuring security is never “finished.” Like washing your hands or making your bed, there’s always a new day and a new mess to clean up. Breaches will happen, but staying on top of cyber trends, embracing passwordless solutions while understanding their limitations, and simple endurance are all critical for your company’s cybersecurity.

As always, a key component of any security plan is educating users. People are vulnerable, and attackers know that. Passwordless login, SSO, and biometrics are all making the user experience better, but they’re not securing your data in a vacuum. Stay alert.
