Authentication Archives - J Wolfgang Goerlich

Archive for the ‘Authentication’ Category

Passkey Authentication, ITProToday

Posted March 2, 2024 by Wolf Goerlich

Many organizations are interested in using passkeys instead of conventional passwords, but how much better are they?

Despite rising concerns about password security and a growing trend towards passkeys and other multifactor authentication tools, passwords remain the primary mode of authentication.

Excerpt from: Is Passkey Authentication More Secure Than Traditional Passwords?

Organizations are advised to use MFA on every website and application. For added security, users should use MFA methods with a physical token or software-based authenticators rather than less secure methods like text or email-based authentication.

Wolf Goerlich, a faculty member at IANS Research, suggested that IT professionals expand their focus beyond the initial authentication factor. “This should include device identity and posture, and the context and conditions of the request,” Goerlich said. “This risk-based authentication provides a defense against account takeovers by session hijacking, along with other common attack techniques.”

Goerlich also recommended that development teams pay attention to session handling, giving careful consideration to the detection and prevention of session hijacking.

Read the full article: https://www.itprotoday.com/identity-management-and-access-control/passkey-authentication-more-secure-traditional-passwords

This post is an excerpt from a press article. To see other media mentions and press coverage, click to view the Media page or the News category. Do you want to interview Wolf for a similar article? Contact Wolf through his media request form.

ZDnet article on identification and authentication

Posted January 19, 2024 by Wolf Goerlich

Identification can no longer be just identity. Authentication can no longer be just authenticating. Compromised identity remains a foundational component for most attacks today. To overcome these vulnerabilities, organizations must step up their defenses around identification and authentication.

I’ve a guest article on ZDNet covering the problem and providing steps for a good defense.

Authentication is more complicated than ever. 4 ways to improve cyber defenses for our new reality

Bad actors are taking advantage of complex identity infrastructure to sneak in the front door, says Wolfgang Goerlich, advisory CISO for Cisco Duo.

Cisco Rolls Out Duo Passwordless Authentication, Sees WebAuthn Usage Surge

Posted November 2, 2022 by Wolf Goerlich

Excerpt from: Cisco Rolls Out Duo Passwordless Authentication, Sees WebAuthn Usage Surge

Cisco plans to roll out its Duo Passwordless Authentication globally next Wednesday. This push is in line with the findings from Duo Security’s recent report which showed that passwordless adoption continues to climb.

“We’re starting to reach a tipping point where the hardware is ubiquitous, the standards are in place, and enough services support the standards, and that’s really driving that increase that we see in web authentications. So now … organizations can adopt them with confidence,” Goerlich said.

Read the full article: https://www.sdxcentral.com/articles/news/cisco-rolls-out-duo-passwordless-authentication-sees-webauthn-usage-surge/2022/11/

Has Covid-19 killed the password? 

Posted January 15, 2021 by Wolf Goerlich

The pandemic has shone a spotlight on the weaknesses of the most common form of digital authentication.

Excerpt from: Has Covid-19 killed the password?

It is also important to remember that biometric devices have advanced significantly over the past decade, says Goerlich. Continuing to enhance these features – for example, by making it standard to make access to a system contingent on normal user behaviour patterns – will prove essential in shoring up public trust in the technology.

“Some of the set-ups that I’ve seen, a criminal would have to steal your fingerprint, steal your phone, steal your laptop, log in from a region that you’re usually working at… and then start accessing applications that you normally access,” says Goerlich. “That’s a lot of complexity and a lot of hurdles for a criminal to jump through.”

Even so, the end is far from nigh for the password itself. For one thing, upgrading corporate infrastructure to support passwordless authentication remains a gargantuan task. “You’re going to have this really long tail, which could go on [for] years, if not decades, of legacy systems that we’re going to continue to maintain, and we’re going to continue to maintain because they still provide business value,” says Goerlich.

Read the full article: https://techmonitor.ai/cybersecurity/has-covid-19-killed-the-password

Let’s not Become Password Huggers: Passwordless Guest Post on SC

Posted December 29, 2020 by Wolf Goerlich

SC Magazine has a guest blog from me on passwordless authentication, and the importance of addressing usability, manageability, and defensibility.

Change happens at an uneven pace. Take the latest smartphone. The camera still has a lovely shutter click, though digital cameras have long since surpassed shutter cameras. The QWERTY keyboard was designed to solve the problem of jamming in 19th century typewriters. And yes, to open apps and websites alike, we’re still using an idea conceived of 60 years ago for mainframes: the password.

We cling to the password. It’s security’s first, and sometimes disastrously, last line of defense. As surely as we know the camera doesn’t have to click, we know the password can be replaced by stronger factors. In fact, with adaptive and contextual controls, replacing the password means greater security and user experience benefits.

What’s holding us back from moving forward with passwordless?

Read the full article here: Three ways we can move the industry to passwordless authentication