Page 135 - Cyber Defense eMagazine September 2022
P. 135
Using Identity for Access Is a Huge Cybersecurity Risk
Why FIDO’s proposal to use identification for cyber access opens more security vulnerabilities
for threat actors to exploit
By Julia O’Toole, Founder and CEO of MyCena Security Solutions
In recent months, the Fast Identity Online (FIDO) Alliance has announced its commitment to supporting
passwordless authentication across all of its products. The group – consisting of technology companies
such as Apple, Google and Microsoft – has been planning this approach for nearly a decade and is
expecting to implement it across platforms later this year.
FIDO initially began work on a system that lets users log in to their online accounts without using a
password – instead utilising a PIN, biometric, iris scan or voice recognition. Now, FIDO believes it can
provide better protection over legacy multi-factor authentication and better protection against malicious
phishing attacks.
Rather than relying on users to remember their passwords directly, they would instead be stored on the
user’s device or cloud sync service associated with their operating system. Their phone becomes the
access point to their work domain – access authenticated via inputting their PIN, or by using fingerprint
or face identification.
FIDO hopes to reduce the reliance on passwords and give users a way of keeping their credentials to
hand, as they move between devices. However, this overriding regard for convenience above security
could potentially be leaving vital data vulnerable to threat actors.
Cyber Defense eMagazine – September 2022 Edition 135
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
