Word of the Day: passwordless authentication

Word of the Day Daily updates on the latest technology terms | July 16, 2019 passwordless authentication Passwordless authentication is a verification process where a user confirms his or her identity without the requirement of manually entering a string of characters. Authentication methods include biometrics, security tokens and piggybacking off of another application, service or device which has already authenticated the user. Passwordless authentication is commonly used on mobile devices such as smartphones, tablets or laptops and applications such as Slack or WhatsApp. The benefits of using passwordless authentication include: Improved user experience (UX). Faster login times into applications or devices. Less maintenance of passwords required for IT staff. Reduced chance of phishing attacks, password re-use or password leaks. Types of passwordless authentication With passwordless authentication, users are presented with one or multiple methods of signing into an application or device without the need to enter a password. Common types of passwordless authentication include email-based, SMS-based, multi-factor, biometrics or passwordless authentication for logged-in users. Authentication through email includes verifying a user with a magic link or one-time code. With a magic link, the user first enters their email and a unique token is created for the user and sent to them by email. The user clicks the link and the service being used will identify the token and exchange it for a live token, logging the user in. With a one-time code, a user will enter their email address and an email will then be sent to them with a unique one-time code. The user then enters the code into the service, which will verify the user and log them in. Authentication through SMS will begin with the user entering their phone number, prompting a one-time code to be sent to their phone. The user will input the code into the service, where the service will verify the code and phone number, and log in the user. However, SMS passwordless authentication may be less secure than other methods of passwordless authentication as SMS authentications have recorded multiple attacks in the past. SMS and email-based passwordless authentication can also log into a service through a second device through push confirmations, using the first connected device as a communication channel. Multi-factor authentication uses any (typically) three authentication factors to log in a user such as security questions, PIN codes and contact information. What these factors are depends on the device/service. Biometrics is another common form of passwordless authentication. Biometrics focuses on technology such as fingerprint scanners or face scans. This form of authentication is commonly found on mobile devices such as smartphones. Android devices will commonly use fingerprint scanners (normally located on the power button, back of the device or even under the front display), while Apple devices (which used to use this authentication format) now use face authentication. Quote of the Day "Passwordless authentication isn't automatically secure, and its security depends on its implementation." - Kevin Beaver Trending Terms phishing two-factor authentication fingerscanning facial recognition mobile authentication biometric authentication Learning Center Despite Windows 10 issues, customers remain confident in OS Windows 10 issues continue to generate headlines and appear to be giving the operating system a bad name. But that's more appearance than reality for Microsoft customers, according to one analyst. Benefits of mobile passwordless authentication With passwordless authentication for mobile devices, IT ensures that its organization isn't one guessed password away from a major breach. This technology relies on authentication factors such as trusted email accounts and devices. Microsoft wants to eliminate passwords -- and there's an app for that Microsoft bolstered its plan to eliminate passwords with an update to its Microsoft Authenticator app, which will extend passwordless logins for Azure AD-connected apps. Identity management strategy starts with people, not technology In this Q&A, Gartner analyst Kevin Kampman discusses how an organization's identity management strategy has transformed and the way organizations should incorporate identity management into their business process. Ponemon study: Poor password practices remain rampant A Ponemon Institute report, sponsored by Yubico, revealed that despite concerns over privacy and data protection and a greater understanding of security practices, poor password practices are still rampant. Quiz Yourself The phishing email warned that unless I updated my contact information, my eBay account would be ______________. a. canceled b. cancelled Answer Stay in Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com Visit the Word of the Day Archives and catch up on what you've missed! FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.