With the introduction of additional associations and research organizations (e.g., FIDO: https://fidoalliance.org/) focused on negating the need for passwords, one might ask if they are going away.
The answer is no, not really. Password-based credentials will still be around for years to come, especially within enterprises, and particularly for legacy systems and administrative access.
With that said, business-to-consumer (B2C) authentication for enterprises will morph considerably, as it already has. For that matter, so has business-to-business (B2B) authentication, with PKI / X.509 certificate-based authentication for point-to-point VPN / RESTful API.
So, compensating controls in the way of conditional access (CA), multi-factor authentication (MFA: biometrics, OTP, voice, security challenge / questions), etc. will take the lead in identity verification, but passwords will be around for a long time.