What is passwordless authentication?
Dec 09, 2020
As the name suggests, passwordless authentication is a method of identifying users with alternative tools, such as authentication apps or biometrics, instead of typing a password. Cybersecurity experts claim that using a password is old-fashioned and has to give way to more advanced options. So, what are the benefits of passwordless authentication?
How does passwordless authentication work?
The first computer password was introduced in the 1960s and has been the most popular method of authentication ever since. However, with evolving technologies, some services now let you authenticate without a password.
Passwordless authentication falls into two categories:
- something you have (a password generator, hardware token, or registered mobile device);
- something you are (a fingerprint, retina, or voice).
Instead of typing your password to log in, you can scan your fingerprint or generate a one-time password with an authentication app.
When a password is combined with passwordless authentication as an extra step, it’s called two-factor authentication. While passwords are widely considered weak links in IT infrastructure, two-factor authentication enhances security and mitigates the risk of having your credentials stolen.
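How an authentication app and the service arrive at the same one-time password, shown as an added Python example that is not part of the original article. It assumes the app implements TOTP (RFC 6238), which the article does not name; the secret and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key). A real secret is random
# and is provisioned to the user's registered device at enrolment.
SECRET = b"12345678901234567890"

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """One-time code for the time step containing unix_time (HMAC-SHA1)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, unix_time: int,
           last_used_counter: int = -1, step: int = 30, drift: int = 1):
    """Server-side check. Returns the matched counter, or None on failure.

    Accepts +/- `drift` time steps to tolerate clock skew, compares in
    constant time, and skips any counter <= last_used_counter so that a
    code observed in transit cannot be replayed.
    """
    current = unix_time // step
    for counter in range(current - drift, current + drift + 1):
        if counter <= last_used_counter:
            continue
        expected = totp(secret, counter * step, step)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter  # caller stores this as the new last_used_counter
    return None

if __name__ == "__main__":
    code = totp(SECRET, 59)                 # what the app would display
    matched = verify(SECRET, code, 59)      # what the service checks
    print(code, matched)
    print(verify(SECRET, code, 59, last_used_counter=matched))  # replay
```

The service has to persist the returned counter per user; without it, a code stays valid for the whole drift window and can be submitted more than once.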
Passwordless vs password-based authentication
Security. Most data breaches happen because users’ passwords are mistakenly stored in unsecured databases. But if you have nothing to store, there is nothing you can lose.
However, passwordless authentication has its drawbacks. Perpetrators can physically force you to authenticate yourself with your fingerprint or retina. They can also conduct a man-in-the-middle (MITM) attack, redirect you to fake landing pages, and scam you.
Reuse. It’s an open secret that people use the same password for multiple accounts. Imagine your employee using the same password for their Facebook account and for accessing Dropbox, which contains your company’s legal documents. Password reuse is bad practice, and users still don’t understand how dangerous it is.
User experience. The most complicated part about your password is that you have to remember it. Cybersecurity experts claim that a strong password should contain at least 12 characters in a random order. But how can you remember that? Some people use password managers, but you can also authenticate yourself without a password and forget this headache once and for all.
Cost. The majority of authentication issues in organizations are related to password resets. IT administrators waste a lot of time and money on this rather simple task, while passwordless authentication could save them the trouble.
How passwords work in NordLocker
NordLocker has two passwords: one for accessing your account and another for accessing your encrypted lockers. The latter is called the master password. Even if a hacker were to steal your credentials and log in to your app, your files would remain secured with the master password.
Whether you choose to keep your files on the computer or in the NordLocker cloud, they are protected with top-notch encryption. Without the master password, these files are just scrambled pieces of data.
Both password and passwordless authentication have their benefits and drawbacks. What works for one organization might not be acceptable for another. Passwords are not dead, but you need to use them wisely. Otherwise, nobody can protect you.
Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.