By Brady Hicks Identity or Authentication The risk of the ‘passwordless’ approach SECURITY With traditional logins come inherent problems. Remote users can grow weary from having to manage, remember and update their credentials. They may turn to dangerous shortcuts such as password re-use and sharing. It also can become difficult for businesses to track their teleworkers’ activity, monitoring for bad habits that may expose the corporate network – or worse. Then, there are the malicious bad actors, constantly scanning an expanded attack surface in search of any new opening to exploit. For many, such as the Fast Identity Online Alliance (FIDO), the answer has been to advocate for total elimination of passwords in favor of truer verifiers of identity. Under this type of system – which is set to be supported by FIDO partner platforms such as Microsoft, Apple and Google – users would have to verify that they are who they say they are, via a unique pin, pattern or personal biometric identifier, often on a separate device. For many, however, the risk is far too great. According to Julia O’Toole, the founder and CEO of MyCena Security Solutions, FIDO’s recommendation to eschew passwords promotes a dangerous precedent that blurs the very lines between access and identity. Instead of critical corporate data falling to risk, it may in fact be your workers’ own identities at stake. “In the physical world, the difference between applications is straightforward,” wrote O’Toole, in a piece for www.globalsecuritymag.com. “Your identity is used to identify yourself … not [to] automatically give you access, just validates that you are who you say you are … Moving into the digital world, people lose their reference points and start mixing the two.” And this reality, she continued, “has led to the current state of digital insecurity we live in.” O’Toole contends that biometric identifiers provide strong verification but are in many ways far too personal. While it is easier for the casual criminal to uncover a password than, for example, a fingerprint, facial scan or voice, the stakes are considerably Julia O’Toole, founder & CEO, MyCena Security Solutions 8 REMOTE WORK SOLUTIONS rwsmagazine.com
RkJQdWJsaXNoZXIy NTg4Njc=