Time’s up for weak authentication this Cybersecurity Awareness Month.

Passwords have long been the default security method for protecting all manner of accounts, both professional and personal. Although better than having no protection at all, passwords have proven susceptible to today’s most common cyber attacks and are prone to common credential-stealing scams such as phishing, password spraying and man-in-the-middle (MitM) attacks. They are undoubtedly the least effective method of securing online data.

As a result, we are seeing more and more organisations (and individuals) moving towards passwordless authentication, whereby accounts are secured with alternate methods to the traditional username and password combination. Organisations looking to steer their cybersecurity in this direction are strongly advised to consider opting for strong multi- or two-factor authentication (MFA/2FA) solutions to integrate into their overall cybersecurity strategy. Both MFA and 2FA authentication solutions require a user to present two or more forms of identity verification as an added layer of security to permit user access.

However, not all multi/two-factor authentication is created equal. For example, one-time passcodes (OTPs) sent by SMS and mobile authentication apps are the most popular forms of 2FA. And while any form of 2FA offers better security than just a username and password combination, they are vulnerable to phishing, MitM attacks, SIM swapping and account takeovers. What’s more, on the usability side, keying in an OTP may seem relatively easy, but multiply that by the number of logins and apps used each day, and friction soon stacks up. Added to which, it relies on the user’s device being charged and having a signal at a precise moment in time.

Delivering strong security without compromising usability has never been more important than in the era of remote working. Driven largely by the pandemic, hybrid working practices are here to stay, and businesses must ensure that their security strategies are fit for purpose. Our 2021 research into ‘cybersecurity in the work from anywhere era’ found that 42% feel more vulnerable to cyber threats while working from home, with 39% feeling unsupported by IT, while 62% reported not having completed cybersecurity training for remote work.

Despite the seismic shift in working practices that we’ve witnessed over the last two years, even some of the world’s largest companies continue to struggle with passwords and legacy MFA solutions such as OTPs. Many are also now experiencing successful attacks against employees’ use of push notification systems. Authentication schemes that rely on the use of symmetric secrets (e.g. passwords and one-time passwords) and systems that are susceptible to accidental acknowledgement (in the case of push notifications) are among the most serious and fundamental security problems faced today. However, they are in continued use around the world and we are simply not seeing the same focused approach to solving this issue as we’ve seen in other areas of information security.

As a ‘quick-fix’ solution, organisations often implement measures to counter incremental changes in the attacker’s approach. For example, this can include increasing password length, regular mandatory resetting of passwords, requirements around character combinations, and using technology to compare passwords against known breached passwords. These approaches are fundamentally flawed, however, and continue to delay the introduction of authentication systems. In order to make meaningful progress toward stopping the increasing level of attacks on these legacy mechanisms, it is important that we stop trying to fix them and start considering them as vulnerabilities, just as we’ve done with other legacy solutions (e.g., MD5, SSL, and telnet).

For example, FIDO2, an open authentication standard hosted by the FIDO Alliance, offers expanded modern authentication options including strong single factor (passwordless), strong two factor, and multi-factor authentication. FIDO is a set of authentication protocols specifically aimed at providing secure authentication, protecting users’ privacy, and reinforcing existing password-based login processes. FIDO2 reflects the newest set of digital authentication standards and is a key element in addressing issues surrounding traditional authentication and eliminating the global use of passwords. It allows users to easily authenticate via devices with built-in security tools – like fingerprint readers, smartphone cameras, or hardware-based security keys – to access their digital information.

Phishing-resistant protocols implemented within a physical security key, which are FIDO2-enabled, are considered best-of-breed solutions to stop sophisticated cyber attacks like phishing in their tracks. More and more corporations are now opting for MFA solutions and FIDO2 protocols, which are also supported by global organisations, OS platforms, and online browsers including Apple, Salesforce, Twitter, Google, Microsoft, and the US Government.

The road to passwordless is not always smooth or linear. However, organisations can make the journey easier for themselves by making sure to factor their users in at every stage, and by focussing on interoperability. Hardware-based security keys provide strong authentication while at the same time reducing friction at login, compared with other multi-stage authentication protocols. Ultimately, the right passwordless solutions should make life easier and more secure for all users: a win-win for everyone this Cybersecurity Awareness Month.

Niall McConachie, regional director (UK & Ireland) at Yubico.
