They have limitations: 41% of attacks are related to compromised credentials. WebAuthn and access keys are ways forward.
Most of us use passwords every day: to work, to check a bank account, to log in to social networks, and so on.
But this authentication method should end. The idea is (also) defended by Sophos, a security solutions company.
In a statement sent to ZAP, the company stresses that passwords have limitations, as do all knowledge-based authentication methods.
Nowadays, traditional authentication methods are easily overtaken by the sophisticated techniques, tactics and procedures (TTPs) of cybercriminals.
In fact, almost half (41%) of attacks stem from compromised credentials, which are the main cause of attacks.
Two-factor or multifactor authentication solutions (2FA/MFA) also often depend on knowledge-based secret codes, shared through SMS or authentication applications. That is, they are also vulnerable methods.
Alternative?
Sophos reinforces that stronger multifactor authentication involves the WebAuthn protocol, which uses access keys, or passkeys, in particular.
This protocol requires that, when an account is created, a unique pair of public/private cryptographic keys is generated. These are stored locally: on the website's server for the public key, and on the user's device for the private key, along with the user's name and identifier.
Thus, when signing in, the user no longer needs to enter a password or a secret code shared by SMS or an authentication application; instead, the user receives a digital authentication request that can only be resolved if the user is in physical possession of a device and can prove ownership of the private key, through biometric verification, for example.
Fundamentally, it is still a two-factor authentication method, but one that depends not on the user's knowledge but on physical possession of a device and the user's own biometric characteristics.
In principle, these credentials cannot be stolen through conventional phishing methods.
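The registration and sign-in flow described above can be modelled in a few lines. This is an added example, not code from Sophos or from the WebAuthn specification: it is a simplified model (no CBOR, authenticator data or attestation), and the origins `bank.example` and `bank-login.example` and all function names are assumptions made for illustration.

```javascript
// Simplified model of a passkey login (constructed example, not the real wire format).
const nodeCrypto = require('node:crypto');

const RP_ORIGIN = 'https://bank.example'; // hypothetical website (relying party) origin

// Registration: the device creates the key pair; only the public key leaves it.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server side: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString('base64url');
}

// Device side: after local user verification (biometric or PIN, not modelled here),
// sign the challenge together with the origin the browser is actually showing.
function authenticatorSign(device, challenge, originSeenByBrowser) {
  const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin: originSeenByBrowser });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server side: accept only a valid signature over the expected challenge and origin.
function verifyAssertion(serverRecord, expectedChallenge, assertion) {
  const { clientData, signature } = assertion;
  if (!nodeCrypto.verify('sha256', Buffer.from(clientData), serverRecord.publicKey, signature)) {
    return 'bad-signature';
  }
  const data = JSON.parse(clientData);
  if (data.type !== 'webauthn.get') return 'bad-type';
  if (data.challenge !== expectedChallenge) return 'stale-or-wrong-challenge';
  if (data.origin !== RP_ORIGIN) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const { device, serverRecord } = register();
  const c1 = newChallenge();
  const genuine = authenticatorSign(device, c1, RP_ORIGIN);
  // A look-alike site relays the challenge; the browser reports the look-alike's origin.
  const relayed = authenticatorSign(device, c1, 'https://bank-login.example');
  const c2 = newChallenge(); // next sign-in attempt gets a different challenge
  return {
    genuine: verifyAssertion(serverRecord, c1, genuine),
    relayed: verifyAssertion(serverRecord, c1, relayed),
    replayed: verifyAssertion(serverRecord, c2, genuine),
  };
}
```

The server never holds anything secret, and a response produced on a look-alike site or captured from an earlier session fails the origin or challenge check even though its signature is valid.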
“We have to free ourselves from dependence on passwords and shared secrets. Access keys, or passkeys, currently represent the most robust solution for building a future without passwords, without phishing and, we hope, without large-scale compromise,” commented Chester Wisniewski, director of Sophos.
World Password Day is marked this Thursday, May 1st.