There’s a reason that passwordless access is quickly becoming a way of life in today’s society. The phrase alone might make it sound vulnerable but, in reality it’s actually a lot more secure than a just password protecting your most valuable data.
So how does it work and what are the benefits?
The benefits/how it works:
Passwordless access (such as a biometric signature or single sign-on) can sign you in to your accounts without the need for remembering or entering your password. Depending on the software being used, signing on without a password can send you a unique login link to the email associated, send a push-notification to an authenticator application or send a code to your email/SMS to enter into program or site you’re logging into – you may have had experience with this when logging into Amazon and being prompted for a One Time Password (OTP). This means that there is less risk of reusing the same password for multiple logins and sharing them with others when needed. If everyone has their own unique token or link then there is more security and less chance of a cyber-attack.
On top of this, if passwords are scrapped altogether, then there is less need to pay your IT department to manage and support user’s passwords every day.
What is prevented:
Password Spraying: This is when cybercriminals try and access multiple accounts with common or generic passwords.
Credential stuffing: When stolen credentials (username and passwords) are used to break into user accounts – this can be performed via automation on a large scale.
Phishing emails: Emails which disguise themselves as everyday emails related to the user – i.e their bank, employer, subscriptions etc – and try to get the user to input sensitive information to their fake site or email.
Keylogger Malware: A device is infected with malware that tracks and records keystrokes, therefore recording any passwords entered whilst that malware is onboard their machine.
Social Engineering: As simple as it sounds, a cybercriminal could pose as a legitimate agent online and have no trouble getting the information from their intended target. There are also many cases of cybercriminals posing as service providers over the phone and tricking users into giving out their personal details and credentials.
You can see how easy it is to be fooled into giving out your details here: What is Your Password? – YouTube
Removing passwords means making these methods (amongst many others) redundant.
Should you wish to find out more information or investigate options for implementing this into your business, ONGC will be able to discuss this with you – call us now!