Latest news with #passwordless

Identity Security: Overcoming Challenges And Embracing Innovation

Forbes

a day ago


Bojan Simic is the Cofounder and CEO of HYPR, a provider of passwordless MFA and identity assurance solutions.

Current identity security strategies are inadequate. My company's survey of 750 global IT security decision makers in January found that only about half of organizations avoided a breach last year, with 87% of incidents arising from basic identity vulnerabilities, such as misused credentials and verification gaps, necessitating a reevaluation of security approaches.

To combat modern threats such as social engineering, deepfakes and impersonation, organizations must shift from traditional methods, adopt innovative solutions and redefine trust in identity security. However, challenges may impede progress.

Reimagining Identity Security: Overcoming Persistent Challenges

Enhancing identity security is now a crucial priority that demands strategic insight and collaboration across industries. Organizations face ongoing challenges, like outdated authentication methods and new threats from generative AI. Despite the significant barriers to robust identity security, the potential for innovation is equally strong. These pain points highlight a mix of challenges and opportunities for progress:

1. The Stubborn Legacy of Passwords: For decades, the cost of password-related breaches and the persistent inconvenience they impose have exposed them as a fundamental security failure. As a primary driver of security incidents, their continued reliance is inexcusable.

2. Misinterpreting Zero Trust: Zero trust is more than a buzzword—it represents a paradigm shift. Many organizations fail to understand that it is not just about acquiring new tools or branding a new security strategy. It involves rethinking how we establish trust in today's digital age.

3. Balancing Security And User Experience: Too often, security measures compromise usability. When security feels burdensome, users are less likely to adopt it effectively. The goal must be to implement robust defenses that integrate seamlessly into the user experience.

4. Phishing's Enduring Threat: Phishing attacks persist, regardless of how advanced defenses become. Human error and weak credentials remain the most common means by which attackers gain access.

5. The Checkbox Mentality: Security is more than a compliance exercise. It requires a genuine commitment to reducing risk. A checkbox mentality leads to vulnerabilities and fosters a false sense of protection. Absolute security demands a proactive, ongoing effort that embraces best practices such as passwordless authentication and zero-trust strategies.

6. Complexity In Cybersecurity Tools: The cybersecurity market has been saturated with tools that promise the world, yet often lead to frustration. If a tool is unintuitive and difficult to implement, it will not be used effectively. Organizations require straightforward solutions that facilitate deployment and management while delivering enterprise-grade security.

7. Supply Chain Vulnerabilities: Recent high-profile software supply chain attacks highlight the interconnected nature of risks. The Lazarus Group used malicious npm packages to steal credentials and cryptocurrency wallet data, and to install backdoors. Attackers also uploaded counterfeit Python packages mimicking legitimate ChatGPT tools to deceive developers and exploit the popularity of AI development. As an industry, we must advocate for greater transparency and more robust security measures from vendors to guarantee that technology is thoroughly vetted and founded on trusted standards.

8. Shifting From Reactive To Proactive Security: Organizations often spend excessive time reacting to threats rather than preventing them.

9. Bridging The Cybersecurity Skills Gap: The cybersecurity talent shortage is well-known. While not an overnight solution, developing accessible and intuitive technologies for users and administrators enables teams to focus on what matters most.

10. Challenging The Status Quo: Lastly, one of the greatest frustrations is the resistance to change. In cybersecurity, clinging to outdated practices only exacerbates vulnerabilities. Organizations must embrace innovation and challenge established norms to reap the benefits of meaningful progress.

The Identity Renaissance

Because of the challenges above, companies are starting to awaken to the need for the Identity Renaissance, a term coined by my company, HYPR, to signify the growing and crucial shift in thinking more deeply about identity security. This movement emphasizes embracing modern, phishing-resistant authentication and prioritizing securing workforce access as a strategic imperative. This means taking decisive actions, including:

1. Implementing An Identity-First Security Model: Identity assurance should be foundational. Phishing-resistant authentication should replace weak fallback methods to safeguard workforce access.

2. Fixing Onboarding Processes: Manual identity checks and document-based verifications are vulnerable to errors. AI-driven identity verification can enhance security while eliminating unnecessary friction.

3. Eliminating Legacy Authentication: Passwords and fragmented security systems create inefficiencies. Companies must prioritize secure, scalable alternatives, such as FIDO passkeys.

4. Unifying Physical And Digital Access: Separating physical entry from digital authentication creates vulnerabilities. Smart credentials streamline access across devices, applications and locations, providing seamless integration.

5. Aligning Security Across Teams: Identity security is not just an IT issue; it impacts HR, security and identity teams. Collaboration and leadership support are crucial to a strong security culture.

This is more than a technological shift; it's a movement towards lasting security, resilience and digital trust. Industry leaders must standardize phishing-resistant authentication, improve interoperability and ensure that identity solutions are accessible to all businesses. Brands must treat identity security as a central pillar of their enterprise strategy, not just a compliance requirement.

By embracing a zero-trust mindset, simplifying onboarding and aligning security with usability, businesses can create authentication frameworks that are seamless and resilient. Those who take bold steps in AI-driven identity verification, eliminate weak fallback methods and unify access will secure their systems and redefine digital trust.

About that '16 billion passwords' data breach.

The Verge

22-06-2025


Posted Jun 22, 2025 at 5:08 PM UTC

The original source of the report, Cybernews, says that since the start of the year, its researchers have 'discovered 30 exposed datasets containing from tens of millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.'

This isn't a breach of one company or another's systems, but compiled records, with some believed to be from 'infostealer' malware, as well as previous leaks. As Bleeping Computer points out, what you should be doing hasn't changed: using unique passwords with a password manager, enabling two-factor authentication, and adding other forms of security like passkeys and security keys that can replace passwords altogether.

OneSpan acquires Fido passwordless software authentication solution provider Nok Nok Labs

Finextra

06-06-2025


OneSpan Inc. today announced the acquisition of Nok Nok Labs Inc., a leading provider of FIDO passwordless software authentication solutions. By joining forces with Nok Nok, OneSpan is driving the industry towards a more secure future, enabling customers to adopt a wide range of flexible, future-proof authentication options.

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Combined with OneSpan's recently launched FIDO2 security keys, this strategic acquisition enables the Company to provide customers worldwide with the industry's most innovative, comprehensive, and future-ready authentication portfolio. Whether on-premises or in the cloud, OTP or FIDO, software or hardware—including Digipass, FIDO2 protocols, and Cronto solutions for transaction signing—OneSpan now offers customers maximum flexibility to meet their authentication needs.

'This is more than an acquisition — it's a bold step toward providing customers with maximum choice in authentication,' said Victor Limongelli, CEO at OneSpan. 'We're evolving our entire authentication platform to include FIDO standards because we believe passwordless is an important part of the future. With Nok Nok's world-class technology and FIDO expertise, we now offer the most comprehensive and versatile customer authentication solution on the market.'

As a founding member of the FIDO Alliance, Nok Nok has been at the forefront of advancing passwordless authentication standards globally. With a customer base spanning the US, Asia, and Europe, Nok Nok delivers robust, standards-based security solutions trusted by leading enterprises. The company's strong authentication platform ensures seamless integration and scalability, supporting UAF and FIDO2 protocols to meet diverse regulatory and business requirements. Nok Nok leads the industry with innovative solutions that simplify secure user experiences across digital channels.

'Joining OneSpan marks an exciting new chapter for our team and our technology,' said Phillip Dunkelberger, President & CEO at Nok Nok. 'We've always believed that open standards like FIDO are an important part of the future of authentication, and with OneSpan's global reach and innovation engine, we're now poised to bring our vision to an even broader audience.'

'This is an exciting combination for the FIDO Alliance and the authentication market in general,' said Andrew Shikiar, Executive Director & CEO of the FIDO Alliance. 'Nok Nok has been a trailblazer in the FIDO ecosystem, and we're thrilled to see their innovation carried forward through OneSpan's global reach and resources.'

With this acquisition, OneSpan plans to integrate the strengths of both companies into a unified, more powerful portfolio that delivers greater value to banking and enterprise customers.

Digital passkeys rollout means no more remembering passwords

Times

07-05-2025


Britain has taken a step towards a future without passwords after the government approved passkeys for use across its services and in Whitehall.

Passkeys replace passwords with a unique digital key for each login that is tied to specific devices, such as a phone or a laptop, and are set up using biometrics such as facial recognition or fingerprints.

Cybersecurity experts have been encouraging their use to thwart hackers who prey on the weakness of passwords. People often use short passwords or reuse them, enabling criminals to easily guess or take a stolen password to gain access to other accounts. If someone tried to steal a password or intercept a code, they would be unable to gain access without the physical device that contains the passkey.

Hackers who attacked Marks & Spencer and the Co-Op are believed to have gained access by tricking IT help desk workers into resetting the password for an employee account. Passkeys would have protected against this type of hack.

The technology industry is starting to adopt them as standard and this week Microsoft said that all new accounts would have passkeys as standard rather than use passwords. 'Although passwords have been around for centuries, we hope their reign over our online world is ending,' Microsoft said. The company said it was also much quicker to sign on with a passkey, taking only eight seconds, compared with 69 seconds using a password and second factor.

Passkey technology has not been without its hiccups or drawbacks, however. Some users have found compatibility problems with them across platforms like Apple and Windows. The National Cyber Security Centre, part of GCHQ, said: 'Hackers will now focus on finding weaknesses in account recovery and reset requests, whether by email, phone or chat, and pivot to phishing for recovery keys.'

On Thursday the government said it would be rolling out passkeys for its digital services later this year as an alternative to the SMS-based verification system. The Department for Science, Innovation and Technology (DSIT) will also clear the way for their adoption across Whitehall. The NHS became one of the first government services in the world to adopt passkeys.

Feryal Clark, the digital government minister, said: 'The rollout of passkeys across services marks another major step forward in strengthening the UK's digital defences while improving user experience for millions.'

Ollie Whitehouse, chief technical officer at the National Cyber Security Centre, part of GCHQ, called passwords 'a 60-year-old mistake', adding: 'The NCSC has a stated objective for the UK to move beyond passwords in favour of passkeys, as they are secure against common cyberthreats such as phishing and credential stuffing.

'We strongly advise all organisations to implement passkeys wherever possible to enhance security, provide users with faster, frictionless logins and to save significant costs on SMS authentication.'
