Why Password-Based Authentication is Not Secure


The FIDO (Fast Identity Online) Alliance and the W3C (World Wide Web Consortium) proposed a web authentication standard that aims to replace traditional password-based authentication with more secure and smoother login methods.

The IT teams behind the widely used web browsers Google Chrome and Mozilla Firefox have now devised methods that will kill off password-based authentication on the web. The newly released versions of their browsers (Chrome 67, Firefox 60) now support the web authentication standard proposed by the FIDO Alliance and W3C.

This new web authentication standard allows users to access their accounts using their fingerprints, face logins, flash drives connected to their devices and so much more. These methods have been around on the web for some time already, but with the initiative to standardize their use, they can now be more seamlessly integrated into web login processes.

Yes, using password-based authentication to access online accounts is pretty convenient. Our web browsers even give users the option to save their passwords in the application so they won’t need to log in again the next time they use a saved account in that browser. But the online world is continuously evolving. Traditional passwords are starting to become unsafe for modern-day websites and online apps.

Major Disadvantages of Using Password-Based Authentication

  • Passwords are usually forgotten by users. In trying to come up with passwords that are unique and hard to crack, some users end up with passwords that they tend to forget over time. With the web authentication standard proposed by FIDO and W3C, users will be encouraged to leave behind the habit of settling for vulnerable password-based authentication.
  • With password-based authentication, your accounts’ security depends on the confidentiality and strength of your chosen passwords. Unlike with other web authentication methods such as fingerprint or face login, unauthorized people can find ways to crack your passwords and get their hands on your confidential information and files.
  • Password-based authentication lacks a strong identity check. Because anyone who has the password can unlock the account, it is easy for attackers to get hold of your account. Although some apps and websites now offer two-factor authentication that gives you an extra layer of security, it still doesn’t give the same level of security that more advanced web authentication methods like fingerprint access give.
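
The contrast drawn in the list above can be shown with a simplified sketch of what a site checks when a login uses the web authentication standard instead of a password. This is an added example, not code from the article or from FIDO/W3C: the authenticator is simulated in software, the site name and function names are assumptions, and only a subset of the standard's checks is shown.

```javascript
// Added example (not from the article): server-side checks on a WebAuthn login.
const crypto = require('node:crypto');

const RP_ID = 'login.example.test';   // assumed relying-party ID (constructed)
const ORIGIN = 'https://' + RP_ID;    // assumed site origin (constructed)
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Stand-in for the browser plus authenticator (fingerprint reader, security key).
// The private key never leaves it; only signed data is sent to the site.
function simulateAssertion(privateKey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
  const rpIdHash = sha256(new URL(origin).hostname);
  const authenticatorData = Buffer.concat([rpIdHash, Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying-party side: the site stores only the public key from registration.
function verifyAssertion(a, publicKey, expectedChallenge) {
  let cd;
  try { cd = JSON.parse(a.clientDataJSON.toString('utf8')); } catch { return 'malformed clientDataJSON'; }
  if (cd.type !== 'webauthn.get') return 'wrong type';
  if (cd.challenge !== expectedChallenge) return 'challenge mismatch'; // blocks replay
  if (cd.origin !== ORIGIN) return 'origin mismatch';                  // blocks look-alike sites
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  if (!(a.authenticatorData[32] & 0x01)) return 'user not present';    // UP flag
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const newChallenge = () => crypto.randomBytes(32).toString('base64url');
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = newChallenge();
  const good = simulateAssertion(privateKey, challenge, ORIGIN);
  return {
    genuine: verifyAssertion(good, publicKey, challenge),
    replay: verifyAssertion(good, publicKey, newChallenge()),
    wrongOrigin: verifyAssertion(simulateAssertion(privateKey, challenge, 'https://login.example.invalid'), publicKey, challenge),
    wrongKey: verifyAssertion(simulateAssertion(other.privateKey, challenge, ORIGIN), publicKey, challenge),
  };
}

console.log(demo());
```

Nothing the site stores or receives here can be reused to log in elsewhere or later, which is the property a password lacks. A production site would rely on a maintained WebAuthn library, which also handles registration, attestation and signature counters.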

These new web authentication methods not only keep your account much more secure, but also make logging in online simpler. There’s no longer any need to select a user account and type out a password, as you can now do it through fingerprint access, face login or other advanced web authentication methods.

Innovations in how we can further protect our online security are being developed and released constantly for all of us to benefit.

Kevin Jones
