Passwordless Authentication: Weighing the Options
Vložit
- čas přidán 7. 07. 2024
- Learn about today's Cybersecurity threats → ibm.biz/BdKRTv
Explore AI-driven cybersecurity solutions → ibm.biz/BdKRTm
Trying to balance password security vs. convenience?
In this video, Jeff Crume explores the evolution of password security and alternatives like biometrics and FIDO.
Get the latest on the evolving threat landscape → ibm.biz/BdKRTK
Great Video!
One argument I do have against "have" and "are" options is the availability/reliability of the devices required to authenticate them. If I need my phone and its stolen/broken, then its inconvenient. If the biometric fingerprint reader malfunctions, then i am locked out. These are not easy to replace quickly. So while I agree these combinations are the most secure, I do believe these can be the most inconvenient when things go wrong.
Definitely there are tradeoffs and no perfect solution here. I would say, however, that given the proliferation of mobile devices with biometric readers built-in, this is less likely to be forgotten than a password and we typically know very quickly if they are stolen (unlike passwords) and get them fixed quickly because they are such an essential part of every day life
Not just inconvenient, but sometimes catastrophic! I lost my phone while on vacation last month and attempted to use my husband's phone to locate / lock it down. I knew all of my relevant passwords, but without the ability to verify via one 2FA method or another, I was completely stonewalled. The only saving grace was my laptop, with stored biometrics, waiting for me when I got home a week later. So, I agree. It's a great direction, but there are some major hurdles that need to be cleared.
Another concise and engaging video that all IT/cyber folks would benefit from watching and considering the authentication options that are now available- passwords are SO insecure. Thank you Jeff!
Thank you for the great feedback!
You can never underestimate how important these videos from you, but for me some small things are so frustrating(as already mentioned here in comments), if on your android smartphone, if you failed to pass bio for some reason(wet fingers, bad angle, low light or sunglasses, whatever) after couple fail attempts you either should input pin code or pattern, which you have to hide in public area(can be catched by camera or pair of eyes) which make it a little bit inconvenient. On the other hand I still shocked how many high level organization's websites asking some ridiculous questions (usually set of them) like mother's maiden name, fav pets or first teachers and keeping them as the ultimate and only option. I guess many of this info bad acts can fish from media platforms, not mentioning that it's hard to remember what you put there couple years ago, overthinking to not make it obvious but more secure 🤯 But as always, Thank You for comprehensively clear and straightforward video
Thank you for the kind words! Yes, it really is complicated especially when dealing with the exception cases. On the whole, though, I think passwords are pretty awful and should be a last resort rather than a first one
FIDO is definitely by design the solution
Jeff, old friend. Very well described.
So glad you liked it!
Another issue is that not everyone is using mobile phones (think of many older folks or visually challenged). I never use a phone for any banking or other serious work, instead I'm always using a laptop which may or may not have bio-metric features built in. Again, every method has its pros and cons, there's no perfect solution.
Great teacher and content. Keep it up :)
Thanks so much!
I saw some new security beta programs for post quantum and something similar to fido but although they have two different origins i think as in the video they could in the near future especially be used with a mobile device that contains a much better build of security kit into it... Also i am just this year starting to hear or read about the potential of adapting the already researched bio computer stuff like the new buo computing or photonic computing languages built for ai driven purposes. I'm really interested🤔 to hear about it more. Thanks.
Clear explanation
Great video Jeff.
Thanks!
Great video.
Thanks!
Just I worried about most of factors are rely on USIM and telephone system. When attacker steal your SIM card and If you not did SIM hardware-lock in case. It is very dangerous issue until you try to register your new SIM. (even the bio-key does not resist of this attack. it is similar with changing the phone. Bio auth is only authentication in hardware, not qualified by network or server or etc. ) Stealing SIM is not often occur in real world, but be aware of take care of your phone. And sometimes... SIM break down in naturally.
I recommend backup system of telephone. May be use 2 or more phone number, email, recovery key which can use offline-based system.
NOTE: recovery key same as password. don't take picture of this don't save any digital thing if it is important. Just write on your book and lock of it. recovery key is not used in most of case. Don't use it normal case.
It's definitely a risk, but far less of a risk than what we are facing now with people using self-chosen passwords, which are much easier to steal than a SIM
Just use an eSim. This is enabled by the telecom carrier if the phone supports it. So there is no physical sim. If the phone is stolen report it and the telecom carrier can block it so its useless.
@@jeffcrume Yes as video explained! Password is worst thing. But in future I hope may be better than using the phone or smartphone to authentication.
I've experienced it before when telephone is totally break. In my country, there is no alternative calling method to fix the SIM problem, payphone is very rare.(SIM problem can't support with internet) I had assistance 3-way conversation phone call on telegram VOIP-VOIP-telephone.. very horrible :(
Hi. I have a question.i love the MFA initiatives. And great videos on security. I agree the passwordless is a blessing in disguise. On a device I also have a passcode. This system is faulty as the something I am is left open to something I know. On my device my passcode can get all my password and my cybersecurity team(‘just me myself and I) are left open to an attack of my bank account and access to personal information etc. I wonder if their may be suggestions of how to keep our devices more secure and yet accessible in case of a os problem camera problem/ fingerprint?my 4 or 6 digit passcode is the concern and I want security for my own device. The external it has done a great job but at home could have bad actors also. Any wise words would help. Thanks. And no keep your passcode hidden answers 🙏. Should have watched till the end thanks Jeff. See hope in the fact Siri may only listen to my voice not a child’s voice?
Do you have to be able to write in mirror flip in order to work for IBM?
No, I can barely write forwards. Search the IBM Technology channel for “how we make them” and you’ll see how
Really like your videos. Insane good.
But now I would disagree. Costs of the HW Token is xx but fido is more expensive, even for the needed backup. For me FIDO is xxx at the costs.
Thanks for watching and for the great feedback. My reasoning is that FIDO passkeys can be generated on the fly for virtually no cost vs. a HW token which is inconvenient, has a fixed cost, can be lost or broken (and need replacing), etc.
Can you affiliate link to a secure password manager program/app?
Is it possible to create a FaceID on one phone from a picture displayed on another phone without the actual physical face?
According to Apple, no. They say that “The TrueDepth camera captures accurate face data by projecting and analyzing thousands of invisible dots to create a depth map of your face and also captures an infrared image of your face.”
FIDO eliminates the reliance on passwords, which are the primary target for credential harvesting there by reducing the attack surface but getting end users to always use mfa is no easy feat
True, but if we make MFA more accessible, the barriers go down. For instance, it is much more convenient to unlock a phone with facial recognition than to enter a passcode.
@@jeffcrumeAs MFA use grows, I can see more concern over privacy regarding users biometric and location-based data.
The problem with any bio-metric method is that if a person passes away either young in an accident or of old age, then usually bio is not available for their loved ones to access bank and other accounts. Every method has pros and cons, there's no perfect solution.
Definitely there are pros and cons with every option. Typically, you would not rely exclusively on a biometric, though. It would be combined with other factors and offer a manual override/intervention as needed
@@jeffcrume - Once you have a backup password method, it kind of defeats the high security of bio-metrics authentication. Always pros and cons, there's no perfect system.
Must have phone. Must have internet connection. Almost forgot, must have credit card.
Why a credit card, though?
I love cakes as well
Chocolate cake is my favorite vegetable! 😋
push-bio vs FIDO-bio/pki.. that's a bit confusing to compare
Password 🔑
Password