Skip to main content

How startups can go passwordless, thanks to zero trust

“There is no doubt that over time, people are going to rely less and less on passwords… they just don’t meet the challenge for anything you really want to secure,” said Bill Gates.

That was seventeen years ago. Although passwords have lost some of their charm, they have so far survived many attempts to kill them for good.

The perception of high cost and tricky implementations has stalled some smaller businesses from ditching passwords. But alternatives to passwords are affordable, easy to implement, and safer, show industry insights gathered by Extra Crunch. The move to zero trust systems is acting as a catalyst.

First, a primer. Zero trust focuses on who you are, not where you are. Zero trust models require companies to never trust any attempt to access its network, and must verify every single time — even from logins from inside the network. Passwordless tech is a key part of zero trust models.

There are several alternatives for passwords, including:

  • Biometric authentication: widely used as fingerprint readers in smartphones and physical verification points at buildings;
  • Social media authentication: where you use your Google or Facebook IDs to authenticate you with a third-party service;
  • Multi-factor authentication: where more layers of authentication are added using devices or services, such as token authentication using a trusted device.
  • Grid authentication cards: which provides access while using a combination PIN number.
  • Push notifications: which are usually sent to the user’s smartphones or encrypted devices.
  • Digital certificates: cryptographic files stored locally on the machine or device.

Wolt, a Finnish food-delivery site is just one example of going passwordless.

“The user registers by entering their email address or a phone number. Login to the app takes place by clicking the temporary link in the user’s inbox. The app on the user’s mobile phone places an authentication cookie, which enables the user to continue from that device without having to go through any further authentication,” said Erka Koivunen, CISO at F-Secure.

In this case, the service provider is in full control of the authentication, allowing it to set expiration time, revoke service, and detect fraud. The service provider does not need to count on the user’s commitment to keep track of their passwords.

Passwordless tech is not inherently costly but may take some adjustment, explained Ryan Weeks, CISO at managed service provider Datto.

“It is not necessarily costly in terms of monetary investment, because there are a lot of easily accessible open-source alternatives for multi factor authentication that don’t require any sort of investment,” said Weeks. But some companies believe passwordless tech may cause friction to their employees’ productivity.

Koivunen also dismissed that zero trust models are unaffordable for startups.

“Zero trust recognises the futility of forcing users to authenticate themselves by presenting something they should keep as secret. Instead, it prefers to establish the user’s identity using some context-aware method,” he said.

Zero trust goes further than authenticating users; it also includes the device and the user.

“From a zero trust perspective, there is an idea that there is a continuous authentication or revalidation of trust occurring. Therefore, passwordless in a zero trust model is potentially easier for the user and more secure as the combination of the ‘something you have’ and ‘something you are’ factors are more difficult to attack,” said Datto’s Weeks.

Larger companies, like Microsoft and Google, already offer zero trust technologies. But investors are also eyeing smaller companies that offer zero trust for growing companies.

Axis Security, a zero trust provider that allows remote employees to access their company’s network, raised $32 million last year. Beyond Identity raised $75 million in funding in December. And, Israel identity validation startup Identiq raised $47 million in Series A funding in March.

Use ‘productive paranoia’ to build cybersecurity culture at your startup



from TechCrunch https://ift.tt/3foEuDi
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

Max Q: Psyche(d)

In this issue: SpaceX launches NASA asteroid mission, news from Relativity Space and more. © 2023 TechCrunch. All rights reserved. For personal use only. from TechCrunch https://ift.tt/h6Kjrde via IFTTT
Post a Comment
Read more

Max Q: Anomalous

Hello and welcome back to Max Q! Last week wasn’t the most successful for spaceflight missions. We’ll get into that a bit more below. In this issue: First up, a botched launch from Virgin Orbit… …followed by one from ABL Space Systems News from Rocket Lab, World View and more Virgin Orbit’s botched launch highlights shaky financial future After Virgin Orbit’s launch failure last Monday, during which the mission experienced an  “anomaly” that prevented the rocket from reaching orbit, I went back over the company’s financials — and things aren’t looking good. For Virgin Orbit, this year has likely been completely turned on its head. The company was aiming for three launches this year, but everything will remain grounded until the cause of the anomaly has been identified and resolved. It’s unclear how long that will take, but likely at least three months. Add this delay to Virgin’s dwindling cash reserves and you have a foundation that’s suddenly much shakier than before. ...
Post a Comment
Read more

What’s Stripe’s deal?

Welcome to  The Interchange ! If you received this in your inbox, thank you for signing up and your vote of confidence. If you’re reading this as a post on our site, sign up  here  so you can receive it directly in the future. Every week, I’ll take a look at the hottest fintech news of the previous week. This will include everything from funding rounds to trends to an analysis of a particular space to hot takes on a particular company or phenomenon. There’s a lot of fintech news out there and it’s my job to stay on top of it — and make sense of it — so you can stay in the know. —  Mary Ann Stripe eyes exit, reportedly tried raising at a lower valuation The big news in fintech this week revolved around payments giant Stripe . On January 26, my Equity Podcast co-host and overall amazingly talented reporter Natasha Mascarenhas and I teamed up to write about how Stripe had set a 12-month deadline for itself to go public, either through a direct listing or by pursuin...
Post a Comment
Read more