Authentication is Changing

The Fight Against Phishing

A new technology for proving your identity (authentication), called WebAuthn (pronounced “web-auth-N”), is gaining popularity for stopping credential phishing attacks.

It’s not required, but you can read more about phishing in the leaders section of this guide.

The Future is Passwordless

Over the next few years, you’re likely to hear the term “passwordless” more often. It describes authentication methods that do not rely on passwords or other “shared secrets” to prove a user’s identity.

A shared secret is a string of characters, like a password or digit code, which you provide to a website during authentication. The website uses your knowledge of the shared secret to prove your identity.

Unfortunately, criminals have learnt to trick users into revealing the secrets required to authenticate; they then use the secrets themselves to gain unauthorized access.

WebAuthn is Passwordless

WebAuthn is a passwordless form of authentication [1], which can be deployed to make authentication easier and more secure.

Use this guide to help educate yourself and others in your organization about the use of WebAuthn.

References

  1. WebAuthn Guide, accessed May 2023