Why Are Companies Like Microsoft Going Passwordless? Should Your Organization Consider Doing the Same?
Why Are Companies Like Microsoft Going Passwordless? Should Your Organization Consider Doing the Same?
Passwordless solutions are not exactly “new” by any stretch of the imagination, having been used by government agencies as far back as the early 90’s. While to concept is not new, the associated technology has not evolved all that much, at least until recently.
Passwordless has become such a polarizing buzzword, that as Yubico so eloquently states, “Say the word ‘passwordless’ to a room full of security professionals and you will get a range of reactions, from a wry smile to a walk-out. That’s because the information security community knows that ‘passwordless’ is a loaded term, and the industry is filled with differing and contradictory positions on the topic.”
Despite the staggering difference of opinion on the topic, one thing remains clear. Passwords are a problem. Ask either side of the aisle, and no one will deny that the most common and potentially damaging cybersecurity risk for every organization are compromised login credentials. Here are some quick statistics demonstrating just this point.
- – The financial sector has experienced a 45% increase in phishing attacks, where the attacker creates a phishing site to steal customer and employee credentials.
- – Cyber threats targeting industrial control systems (ICS) have skyrocketed year after year. In fact, between 2018 and 2020, there was a 500% increase in attacks on industrial entities.
- – Over half (53%) of healthcare IT decision-makers reported experiencing a data breach of their cloud network in 2021.
- – Software and other technology companies often have key management responsibilities across many platforms, which increases the surface area for attacks. For example, developers will sometimes use personal repositories for work projects, which is how 85% of leaks happen.
Up until 2022 passwordless was a hard journey that only the largest organizations in the world were able to achieve. However, this increase of attacks has forced the identity leaders in the world to make this technology accessible to everyone. Now with cloud technology such as Azure CBA (Certificate Based Authentication), Azure FIDO2, and Microsoft Authenticator passwordless authentication, organizations of all sizes can go passwordless without the need of a highly specialized team. Register for a free webinar hosted by Keytos where Natee Pretikul a principal PM lead in Identity and Network Access Engineering in Microsoft and Igal Flegmann the Co-Founder and CEO of Keytos go over how easy it is to go passwordless with Azure AD (Active Directory) and Keytos EZSmartCard.
*** This is a Security Bloggers Network syndicated blog from Keytos authored by Keytos. Read the original post at: https://www.keytos.io/blog/2023/04/17/why-are-companies-like-microsoft-going-passwordless.html