Passwords are a hassle. But what would it take to live a secure online life without them?
This is what Sam Rehman, our Chief Information Security Officer and SVP, and Shaked Vax, Co-Founder and Chief Product Officer of Anonybit, talk about in our latest #CybersecurityByDesign conversation.
Listen as they jam on the topic of zero trust and identity as it relates to relevant and tricky ideas such as passwordless technology and biometrics.
There are some issues, says Vax, explaining that relying on the biometrics enrolled on one’s smartphone “creates a bit of a false sense of security, in my opinion.” Those biometrics, he says, are “not validated against who they belong to.” Because one can store other fingerprints—those of, say, one’s kids—on a smartphone, this creates “a gap there between the account holder and the biometric on the phone.”
There are flaws, Vax says, when the system is not fully connected to a centralized authentication and relies too heavily on phone biometrics.
“You truly want to identify and bind that to the end user,” says Rehman, meaning a very specific person and “not just somebody who can unlock the phone.”
The big question for Vax is: “How do you do a multi-factor authentication that addresses this gap, this vulnerability around the new phone or the account recovery?”
Some fascinating talk here about decentralized data storage and protection, the user experience of passwordless, and the importance of having multiple modalities for different populations.
You’ll want to listen—and you’ll be glad that no password is required.
Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon