Sean Dyon

As organisations grapple with constant and developing cybersecurity threats, the transition from password-based systems to passwordless authentication has emerged as a critical priority. 

Passwords, long the standard for digital security, are now recognised as a weak link in cybersecurity defences. With research showing that password vulnerabilities are the root cause of over 80% of data breaches, passwords are susceptible to a range of threats, including phishing attacks, brute force hacking attempts, password reuse across multiple platforms and human error in creating and managing complex passwords. These vulnerabilities have led to countless data breaches and security incidents, costing businesses millions and eroding consumer trust. 

In contrast, passwordless authentication technologies like passkeys provide enterprises and their employees with a more secure and reliable method of authentication.

HID, a leading provider of identity and access management solutions, has been at the forefront of this transformation, working with partners and the industry to help accelerate enterprise adoption of passkeys. Sean Dyon, the Director of Strategic Alliances at HID, highlights the company’s role in shaping the passwordless future: “Our mission is to empower trusted identities for people, places and things across the globe. We achieve this by enabling secure, seamless authentication that enhances individual productivity, strengthens workforce efficiency and ensures the freedom to navigate across physical and digital spaces,” he says.

“What we have been increasingly working towards is to accelerate adoption in the enterprise, and we’ve been doing that by working with the industry and through partnerships like Microsoft.”

Phishing Resistance Through FIDO Authentication

At the heart of the passwordless revolution are the FIDO (Fast Identity Online) standards. These open standards, developed by the FIDO Alliance – an industry association dedicated to reducing reliance on passwords – provide a framework for secure, user-friendly authentication. 

HID, a long-standing member of the FIDO Alliance, has been instrumental in advancing these standards. "FIDO is built on the foundation of establishing trust," Sean says. “This is crucial because it ensures that the communication between the user and the service remains secure and cannot be intercepted by a third party.”

Central to HID’s approach is enabling organisations to become “phishing resistant end-to-end so that they can truly become passwordless,” Sean says. With 89% of organisations experiencing a phishing attack in the past year, the FIDO standards are central to this mission. “FIDO is critical because it eliminates shared secrets such as passwords, which are often targeted by phishing attacks,” he explains.

One of the biggest advantages of FIDO-based authentication is the elimination of vulnerabilities associated with traditional passwords. Unlike passwords, which can be reused across multiple sites and are susceptible to phishing, passkeys rely on public key cryptography that ensures the user's credentials never leave their device. By generating a unique pair of keys for each user – comprising a public key stored on the server and a private key securely held on the user's device – this approach eliminates the need for shared secrets like passwords, significantly reducing the risk of phishing attacks and unauthorised access.

According to Sean, the emphasis on “phishing resistant end-to-end” authentication is a core tenet of HID's strategy – which involves the creation of a “chain of trust” between the user, the credential and the resource being accessed. For example, an attacker cannot impersonate a legitimate website, such as a financial institution, to trick the user into authenticating through a fake portal. The cryptographic key pair ensures that the authentication process is direct and protected from potential threats, preventing unauthorised access and ensuring the integrity of the transaction.

Read the full report HERE

**************

Make sure you check out the latest industry news and insights at Healthcare Digital and also sign up to our global conference series - Tech & AI LIVE 2024

**************

Healthcare Digital is a BizClik brand