"The vast majority of cybersecurity transgressions -- many of which lead to the exfiltration of confidential information or financial losses -- start with a password phishing scam. Research shows that 98% of end-users continue to fall prey to phishers despite cybersecurity training. The only answer to the phishing scourge is an industry-wide effort to get rid of passwords (embellished with second-factor codes or not) as the primary means of authenticating with websites, apps, and other online services (collectively referred to as "relying parties")."
"And that's what the FIDO Alliance's passwordless passkey standard is all about: offering a new, secure way to login that doesn't require you to furnish a secret like a password as a part of a typical authentication workflow. (See ZDNET's series on how passkeys work.) The logic goes this way: If there's no password to share with a legitimate relying party, then there's no password to accidentally share with phishers and other social engineers."
The vast majority of cybersecurity breaches start with password phishing, often resulting in data exfiltration or financial loss. Research shows 98% of end-users continue to fall prey to phishers despite cybersecurity training. The FIDO Alliance's passkey standard offers passwordless authentication that removes the need to supply a secret password to relying parties. Passkeys require an intermediary such as a password manager to create, store, and present credentials during login. This creates a chicken-and-egg problem when trying to enable passwordless access to the password manager itself. Dashlane now supports passkey logins on desktop based on a W3C draft, with mobile support expected early next year.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]