The acceleration of digital transformation has fueled the adoption of mobile and cloud technologies and we can no longer have a network perimeter-centric view of security. Instead, we need to securely enable access for various users – employees, partners, contractors, etc. – regardless of their location, device or network.

Many organizations are adopting a Zero Trust Security approach wherein user identity must be verified effectively to ensure the right people have the right level of access, to the right resources, in the right context, and that access is assessed continuously — all without adding friction for the user. In this paradigm of Zero Trust Security framework, the use of passwords is far less than ideal.

Passwords = No Trust

The modern computer password was introduced to computer science and the wider world in 1960 by Fernando Corbató.  We have been using passwords for the past 60+ years to protect and secure our critical information. This mechanism of using passwords to secure and protect our sensitive data is outdated and is failing us. Nearly all data breaches start with compromised passwords, and even the strongest  passwords can easily be phished, shared, stolen, reused, and replayed. They are the hackers’ favorite target and entire categories of vendor products exist to make up for the shortcomings of passwords.

Businesses already have multiple security solutions working together ranging from identity providers, to access control, and risk-based policy solutions. The problem with current technologies is that these technologies still depend heavily on passwords and shared secrets that are not secure. The combination of these technologies lead to higher costs – managing multiple solutions, lack of adoption across various lines of businesses, and introduction of friction.

Passwordless = Zero Trust

By starting with an identity-centric approach to security businesses are able to ensure that right people are able to access the right resource, in the right context without adding friction for the user. With a Zero Trust Architecture (ZTA), services and applications need to effectively verify an identity requesting access to a resource. With ZTA, the authentication needs to provide the highest level of security that goes beyond the use of passwords along with basic 2FA and MFA.

To provide verifiable user authenticity and integrity, the BlokSec service leverages a combination of decentralized identity, digital signatures, and immutable ledger technology (based on blockchain technology). This approach ensures a cryptographically verified user using biometry, and a consent-driven authentication model making it impossible for malicious attackers to phish, steal, reuse, and replay the authentication process. This approach also removes the authoritative source, i.e. a directory or database with passwords or a centrally stored public key database,  which is the security flaw in current vendor solutions.

BlokSec’s passwordless multifactor login makes authentication fast and easy by eliminating the need for passwords and traditional multifactor authentication such as SMS codes, email codes, or mobile applications with 6 digit codes. The BlokSec service can be used to authenticate across any service a user interacts with – consumer websites and mobile apps, web-based business applications, and social media.

Enable Zero Trust Authentication

According to Verizon DBIR 2021, phishing, ransomware, and web application attacks were the top hacking vector in breaches. Passwords caused 89% of web application breaches, either through stolen credentials or brute force attacks.

Passwordless authentication lays the foundation for a Zero Trust Architecture by providing the highest level security and a frictionless user experience. Passwordless reduces the cost of various tools that lack verification of an identity reducing the cost and burden on the IT teams. Passwordless helps businesses in increasing the security posture of the organization and reducing overall organizational risk.