CYBER SECURITY

The Death of Passwords

New Forms Of Secure Authentication Are Key But What Happens If Our Biometrics Get Hacked?

Passwordless authentication is the next big breakthrough in secure digital communication.

That news will make consumers and employees who have trouble remembering multiple passwords happy. Companies are also likely to welcome the change because the average global cost of a data breach in 2019 was $3.92 million – a 1.5% increase from the year before. According to the 2019 Data Breach Investigations Report, 80% of hacking-related breaches involved compromised and weak credentials, and 29% of all breaches, regardless of attack type, involved the use of stolen passwords.

But the technologies that are replacing passwords have vulnerabilities of their own. What happens, for example, if our biometrics get hacked? That is the title of a panel discussion at the annual meeting of the World Economic Forum in Davos this year that will include executives from Walmart and Facebook and be moderated by The Innovator's Editor-in-Chief Jennifer L. Schenker.

The Forum is releasing a white paper during the conference that outlines some crucial issues that need to be resolved to ensure passwordless authentication is truly secure and factors in privacy, sustainability, user experience, scalability and inclusiveness.

"We need to put the word out there that there is a need to gather a community of CEOs and leaders around the topic of implementing a more secure means of authentication and to do so sooner rather than later," says Adrien Ogee, lead for technology and innovation at the World Economic Forum's Centre for Cyber-security.

Why now?

To stay competitive corporates across industries are increasingly building, buying or joining digital platforms (see the cover story of our Davos issue). Authentication systems are the first contact customers have with digital platforms and ease of use is a competitive differentiator, notes the white paper. Passwordless authentication can potentially significantly improve user experience and give platform businesses ubiquitous authentication at a fraction of the cost, allowing for cross-platform interoperability and multinational expansion and increase security by seriously hindering the ability of criminals to access and exfiltrate data, says the white paper. It concludes that from a risk management perspective transitioning to passwordless authentication could allow companies to cut the budgets associated with their breach risk exposure by 4/5, translating into lower cyber insurance premiums.

Another plus is that passwordless authentication makes it easier to comply with international regulations, which is key to expanding digital businesses across geographies.

"Many companies are already moving down this path," says Kelly Bissell, Accenture's Senior Managing Director and Global Lead of Security. "This will give confidence to other companies, including banks and retailers, to implement passwordless authentication. I see a wave coming to stronger security. We are at the early stages but I believe it will pick up very quickly."

Technology Options

A range of technology alternatives to passwords are already available.

Biometrics

Recent technological advances in smartphone cameras and machine-learning models mean facial recognition and document scanning can now be used to verify people remotely and at scale. By using biometrics, such as face scans, as an authenticator, users no longer need to associate a password with their account.

Hardware Keys

Extra security with hardware keys is another approach to passwordless authentication. Security keys come in a variety of form factors ranging from a small USB, NFC or Bluetooth device to something built into a user's mobile phone that can securely authenticate when they need to sign into a new device. These approaches require that the device be physically and locally present when authentication happens.

QR Codes

Complex, animated QR codes can also be used to authenticate without passwords. Users logging in scan a QR code with a smart device to bind the session to their user identity. A confirmation message is then displayed in an app on the device verifying the authentication and a biometric scan is triggered on the device, confirming that the users are who they say they are. At that point, an authenticated session is passed to any relying party and the user is logged in.

Zero-Knowledge Proofs

Zero-knowledge proofs (ZKPs) provide yet another alternative. A ZKP authentication process can transform a password into a complex and unique abstract string, like a Rubik's cube with a completely random pattern. The abstraction is transferred to a server and stored, allowing authentication of users in such a way that a password never leaves the user's device or browser.
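The zero-knowledge proof login described in the article, sketched as an added example that is not from the article or the white paper. The article names no protocol; this assumes Schnorr identification over the RFC 3526 1536-bit group, with hypothetical function names and a constructed salt, and `login` runs both sides in one process.

```python
import hashlib
import secrets

# RFC 3526 1536-bit MODP group: P is a safe prime, Q = (P - 1) / 2 is prime,
# and G = 2 generates the subgroup of order Q.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2

def derive_secret(password: str, salt: bytes) -> int:
    """Client only: stretch the password into a private exponent x in [1, Q-1]."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)
    return int.from_bytes(raw, "big") % (Q - 1) + 1

def enroll(password: str, salt: bytes) -> int:
    """The 'abstraction' the server stores: y = G^x mod P, never the password or x."""
    return pow(G, derive_secret(password, salt), P)

def commit():
    """Client picks a fresh one-time nonce r and sends t = G^r mod P."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)

def respond(password: str, salt: bytes, r: int, c: int) -> int:
    """Client answers the server's challenge c with s = r + c*x mod Q."""
    return (r + c * derive_secret(password, salt)) % Q

def verify(y: int, t: int, c: int, s: int) -> bool:
    """Server accepts iff G^s == t * y^c mod P, which only a holder of x can satisfy."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def login(password: str, salt: bytes, y: int) -> bool:
    """One protocol run; only t, c and s would cross the network."""
    r, t = commit()                    # client -> server: t
    c = secrets.randbelow(Q)           # server -> client: random challenge
    s = respond(password, salt, r, c)  # client -> server: s
    return verify(y, t, c, s)
```

The stored value `y` still permits offline guessing: anyone who obtains `y` and the salt can test candidate passwords against it, so password strength and key-derivation cost continue to matter.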
