WebsiteCompass 9 Behavioral Recognition – To determine whether to trust a user and give access, behavioral recognition considers multiple data points to create a score. The data collected and analyzed can include keystroke dynamics, gait recognition, voice ID, mouse and touch use characteristics, and location behavior. Benefits of Passwordless Authentication Stronger cybersecurity is the main benefit of passwordless authentication since it prevents password-related cyberattacks. In addition, passwordless authentication methods are often resistant to phishing because users won’t be sending any login credentials via email or text to a hacker. Another benefit is a faster and more convenient login experience for users. They no longer need to spend time creating, entering, and managing strong passwords, thereby eliminating password fatigue. In the workplace, employees can dedicate more time to productive tasks. Role of Leading Tech Companies Apple, Google, and Microsoft announced plans in May 2022 to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms. The expanded standards-based capabilities will provide the ability to offer an end-to-end passwordless option. Users will be able to sign in and access an account through a simple action similar to what they now do daily to unlock their devices, such as the verification of their fingerprint on the edge of an iPad to unlock it. This new approach protects against phishing, and sign-in will be more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent via text. The aforementioned companies have collaborated on passkey technology, which allows authentication with fingerprint ID, facial ID, or a PIN on the phone or device you use for authentication. (See the sidebar for a comparison of password and passkey.) Additional companies are also using passkey technology in their systems, including DocuSign, Kayak, PayPal, and Shopify. What’s the Difference Between a Password and a Passkey? A passkey is a unique login bundle used to identify a user and their account and designed to be easily and safely shared between devices. Passkeys are currently created with the WebAuthn standard and use public-key cryptography. The first time a user logs in with passkey technology, the technology generates a key pair. One key lives on your device privately and isn’t shared with anything else. The other key waits on a service’s servers. When the two keys match, the login information is shared. Users can use their device’s built-in biometrics or other authentication to unlock and share the key. How are passkeys different from passwords? First, you don’t have to remember anything. Passkeys are very long sequences compared to passwords, which gives them robust security, but they aren’t designed to be manually typed in. Instead, your device and the web server keep the passkey pair safe and match them up when necessary with a quick handshake protocol. You’ll then use biometrics or a similar security to log in to your authentication device. Second, passkeys are innately resistant to hacking attempts. Your private key is securely stored on your device, isn’t shared with anything, and can’t be intercepted. FAST FACT: According to a study sponsored by Yubico, a user spends an average of 10.9 hours per year setting, entering, and resetting passwords.