J. Wolfgang Goerlich is an Advisory CISO for Duo Security. He has led IT and IT security in the healthcare and financial services verticals, and advisory and assessment practices in several cyber security consulting firms.
I admit a little nostalgia for my first few passwords. I used to make jokes in my passwords. Sometimes, I’d make promises (saveMoney!, sleep@More). I’m willing to bet you did the same. What changed? By the time you’re reaching hundreds of account passwords, the joy is gone. Let’s discuss what a passwordless tomorrow looks like.
Can passwordless authentication be trusted? “If someone steals my password, I can change my password. If someone steals my fingerprint, what do I do then?” Every new feature we introduce to our users is potentially a new tactic we provide our adversaries. But don't worry, we made an app for that.
Want to know how to get the most out of your trial? In this article, I share what I’ve done to succeed when planning, executing, and finishing a proof of concept.
The place many of us get held up is where to begin. It’s not feasible to move everything into a zero-trust architecture. And passwordless, arguably the first step in establishing strong user identity in order to provide zero-trust for the workforce, doesn’t yet support all applications and workloads. A look to the past can help us understand the future.
The best security control is the security control people actually use. We’ve shifted from enforcing security to creating security that users want to adopt. When it comes to zero trust, one thing many of us have been considering is how to make it attractive to end users. Enter passwordless authentication.
