teissTalk: Provisioning passwordless authentication at scale

teissTalk host Jenny Radcliffe was joined by Jeremy Green, Cyber Security Advisory Manager at Vodafone, and Jason Soroko, CTO of PKI at Sectigo.

Is Windows 11 another nail in the password’s coffin?
News of Windows 11 offering built-in chip-to-cloud protection to meet the new security challenges of hybrid work indicates that cyber security is catching up with the improvised work environments and the proliferation of endpoint devices that Covid has brought on.

The move means that Microsoft is extending its passwordless sign-in option from enterprise customers to consumers. Although this shift could in the long run secure communication between the computer’s CPU and the cloud for millions of users, a computer’s ability to run Microsoft’s latest operating system will depend on its age and the type of processor it uses (it will need a TPM, or Trusted Platform Module).

At the moment, the option for password-free login is only for Microsoft accounts, but this will extend to Microsoft apps on iOS, Android, and Windows.

Biometrics – the silver bullet or just some alternative to a username?
Different forms of passwordless authentication have already been around for some time in enterprises. Although the technology exists, upscaling it to millions of users presents major challenges. Military-level biometric authentication does exist, for example, but it’s too expensive for wider adoption. Passwords are also increasingly becoming outdated due to recent shifts in the business and work environments.

Multi-tier supply chains, B2B and B2C relationships involving third parties, as well as the sharp increase in the number of BYOD devices (bring your own disaster, as Jeremy jokingly called it), render the password unfit for purpose. Also, the popularity of cloud solutions, the extensive use of mobile phones as digital offices and the proliferation of IoT devices have blurred the perimeters of network security and brought about its shift to the application level. The situation is further complicated by the cloud, where applications are distributed across Kubernetes clusters and containers that need to talk to each other across hostile boundaries and typically last only for seconds (or five minutes at most).

But, according to Jason, biometrics is not the solution. With today’s technology you can take a picture of someone’s iris or fingerprint and it will have all the information a criminal needs to be able to use it fraudulently. Biometrics is only an announcement of your identity and therefore can only replace usernames, rather than passwords.

PKI, or digital certificates, on the other hand, once upscaled, can actually usher in a passwordless future. PKI (Public Key Infrastructure) is used to manage public and private keys and bind them to entities, whether organisations or individuals, through the issuance of electronic documents called digital certificates. PKI is now routinely used for credit cards, passports and e-commerce and, unlike passports, has encryption and digital signing capabilities as well.

Advice from the panel
Humans have a natural resistance to change. Therefore, when implementing new authentication systems, it’s key to explain to staff why these changes are necessary. While in 2010 the gospel was not to use a mobile for any form of MFA, today we are told to do just that. As for Windows 11, although it may not offer a seamless user experience on day 1, it marks a significant move towards a more secure future.


Copyright Lyonsdown Limited 2021
