FB pixel

The authentication sector is betting on passkeys, but passwords refuse to go away

The authentication sector is betting on passkeys, but passwords refuse to go away
 

The results of the 2023 Workforce Authentication Report are out, and show employers eager to move beyond passwords and embrace passwordless authentication through biometrics or other means. But conflicting data shows that what IT leaders are saying and what companies are doing is not necessarily aligned.

The FIDO Alliance, whose advocacy for passwordless technology is a driving factor behind uptake in passkey support, partnered with the password manager company LastPass on the 2023 report, which showed 89 percent of leaders “expecting passwords to represent less than a quarter of their organization’s logins within five years or less.” Ninety-five percent have already implemented a passwordless experience, and 92 percent have “a plan to move to passwordless technology.”

Respondents agree that passkeys will increase overall security, specifically helping to reduce the volume of unofficial applications. Passkeys match two encrypted components, such as biometrics, which are stored separately on the cloud and locally on the device.

“The move towards passwordless authentication has gained steam over the past few years as an increasing number of organizations have moved to eliminate the risk and liability of passwords,” says Andrew Shikiar, executive director and CMO of the FIDO Alliance. “Today’s report backs up this trend by illustrating that global IT leaders are rapidly aiming to reduce their reliance on legacy forms of authentication in favor of passkeys for user-friendly, phishing-resistant sign-ins.”

Face and fingerprint biometrics now an option for Apple passkey authentication

Both iOS and Android users have new passkey options for sign-in, with Apple enabling passkeys through Face ID and Touch ID authentication. A post on 9-to-5 Mac reports that with the availability of new iOS updates, Mac users can now authenticate themselves on any Apple site on the web without the need for a password. On any device running iOS 17, macOC Sonoma or iPadOS 17, a user’s Apple ID will automatically be assigned a passkey for use on iCloud and Apple sites.

A QR code option will also allow users to activate Face ID and Touch ID authentication via their iPhones for non-Apple devices.

Enpass improves security with synced passkeys for Android 14

Enpass was among the first password managers to take advantage of Apple’s new passkey capability, and is also launching passkey management for Android. The firm announced in a release that the introduction of Android 14 enables Enpass’s synced passkey technology, which can generate a passkey that allows users to log into any of their devices

Enpass promises a more personalized security setup, which allows users to select where encrypted passwords and passkeys are stored and synced, rather than defaulting to a proprietary cloud server that aggregates user vaults in one digital location, making them more vulnerable to hackers.

Enpass says its vaults can be stored in the cloud or exclusively on personal devices, syncing directly through Wi-Fi, which the company says enhances security.

Enpass says that, with its unique vault system, hackers looking to target an individual would have to select them personally (versus attacking a central server), know which cloud services you’ve chosen and the credentials for those accounts, pass MFA, and know your Enpass master password.

Passwords refuse to take the hint, remain popular

Passkeys are popping up everywhere, but a new S&P Market Intelligence report from Keeper Security says, don’t believe the hype. In a release, the cloud-based cybersecurity software provider said that, according to the S&P report, “username-password combinations are still the most widely deployed form of authentication deployed in organizations (58 percent). The next most popular forms of authentication are mobile push-based MFA (47 percent), SMS based MFA (40 percent) and biometrics (31 percent).

“Passwords continue to reign supreme as organizations struggle to balance security with simplicity, cost of ownership and flexibility –  particularly in hybrid working environments,” says Darren Guccione, the CEO and co-founder of Keeper Security. “SSO and passwordless authentication – although effective – are not universally supported, and therefore create security holes that leave organizations vulnerable.”

“While passkeys present enticing security benefits, websites have been slow to support them for a variety of reasons. With more than a billion websites in existence, there is a long path ahead for any passwordless option to become ubiquitous.”

These findings aren’t totally out of line with the FIDO Alliance’s report, which, despite the avowed enthusiasm for passwordless tools, shows a majority of respondents (55 percent) feeling they need “more education on how passwordless technology works and/or how to deploy it.” Most are also still using phishable authentication methods. At 76 percent, passwords continue to dominate the rankings.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics developers dance with data privacy regulations continues

Biometrics controversy and investments are often found side by side, as seen in many of this week’s top stories on…

 

EU AI Act should revise its risk-based approach: Report

Another voice has joined the chorus criticizing the European Union’s Artificial Intelligence Act, this time arguing that important provisions of…

 

Swiss e-ID resists rushing trust infrastructure

Switzerland is debating on how to proceed with the technical implementation of its national digital identity as the 2026 deadline…

 

Former Jumio exec joins digital ID web 3.0 project

Move over Worldcoin, there’s a new kid on the block vying for the attention of the digital identity industry and…

 

DHS audit urges upgrade of biometric vetting for noncitizens and asylum seekers

A recent audit by the DHS Office of Inspector General (OIG) has called for the Department of Homeland Security (DHS)…

 

Researchers spotlight Russia’s opaque facial recognition surveillance system

In recent years, Russia has been attracting attention for its use of facial recognition surveillance to track down protestors, opposition…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events