Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

5/28/2019
12:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail

8 Ways to Authenticate Without Passwords

Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.
4 of 9

HYPR

George Avetisov, CEO and co-founder of HYPR, has been on a mission for some time now. He aims to help people understand that moving away from the 'shared secret' of a password must be replaced by a system where the user's device holds a private key that can get authenticated by either touch, a thumbprint, or facial recognition.

'We look to eliminate shared secrets,' says Avetisov, who adds that in deploying HYPR, security teams can give their users a choice of how they want to authenticate.

'People don't want to be forced,' he says. 'For example, we ran a study in Australia and found that people didn't like eye recognition, where in Europe and the United States, they found it more acceptable.'  HYPR customer Mastercard, Avetisov added, gives its users a choice of a fingerprint, facial recognition, and a PIN.  

Image Source: HYPR

HYPR

George Avetisov, CEO and co-founder of HYPR, has been on a mission for some time now. He aims to help people understand that moving away from the "shared secret" of a password must be replaced by a system where the user's device holds a private key that can get authenticated by either touch, a thumbprint, or facial recognition.

"We look to eliminate shared secrets," says Avetisov, who adds that in deploying HYPR, security teams can give their users a choice of how they want to authenticate.

"People don't want to be forced, he says. "For example, we ran a study in Australia and found that people didn't like eye recognition, where in Europe and the United States, they found it more acceptable." HYPR customer Mastercard, Avetisov added, gives its users a choice of a fingerprint, facial recognition, and a PIN.

Image Source: HYPR

4 of 9
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
ScottyTheMenace
50%
50%
ScottyTheMenace,
User Rank: Apprentice
6/6/2019 | 5:46:08 PM
Touch ID is not passwordless
Not sure if it was your intent to suggest that it was, but Apple's Touch ID is not passwordless.

In iOS, you still have to set a passcode, and it seems to be the passcode that actually unlocks your device. All Touch ID does is use your fingerprint to fill the passcode into the field. (I don't know the technical details to know that's the case, but it sure seems like that's what's happening.) You're also forced to use the passcode seemingly at random (though it's probably time delimited) and to activate Touch ID after a restart.

I love using Touch ID—it's quite convenient—but its dependence on a typed passcode actually encourages users to use weak passcodes that are easily remembered since they'll eventually need to type it in, and typing the passcode* 984ELBMYAq[[email protected]%t5sM+5{j=9AYH__4jqDr on a touch keyboard is not real fun.

 

* Generated just now. Not any of my passwords. C'mon now, do I look that dumb? DON'T ANSWER THAT!
wibblewibble
100%
0%
wibblewibble,
User Rank: Apprentice
5/30/2019 | 7:49:18 AM
SQRL
Don't forget SQRL! https://www.grc.com/sqrl/sqrl.htm
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast Security,  8/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5638
PUBLISHED: 2019-08-21
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user accou...
CVE-2019-6177
PUBLISHED: 2019-08-21
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Le...
CVE-2019-10687
PUBLISHED: 2019-08-21
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
CVE-2019-11601
PUBLISHED: 2019-08-21
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
CVE-2019-11602
PUBLISHED: 2019-08-21
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.