Passwordless – A new era is about to begin
A new era is about to begin in the world of IT. Passwords will be considered a relic of the past.
With quantum computing, even the strongest passwords will be easily predictable. The solution is to eliminate authentication systems that rely on passwords and to move to MFA (Multi-Factor Authentication) and passwordless authentication.
81% of hacking-related breaches used either stolen or weak passwords
Source: Verizon 2017 Data Breach Investigations Report
You can reduce your odds of being compromised by up to 99.9% by implementing multi-factor authentication (MFA).
Source: Microsoft 2018 Security Research
Advanced technologies are being put in place using biometrics, PINs, public/private key cryptography and Fast Identity Online (FIDO2). In this blog post, I will focus on FIDO2, an open authentication standard hosted by the FIDO Alliance, which consists of the W3C Web Authentication specification (WebAuthn API) and the Client to Authenticator Protocol (CTAP).
CTAP is an application layer protocol used for communication between a client (browser) or a platform (operating system) and an external authenticator such as the YubiKey 5 Series and the Security Key Series by Yubico. Yubico is a core contributor to the FIDO2 open authentication protocol.
Enough with the theory, let’s move to the practical part.
I bought the Security Key by Yubico from https://www.yubico.com/store/. The entry version costs $20. I received it within a week.
Then I followed these steps:
1) First, I went to yubico.com/start, where I clicked on the Security Key Series picture.
2) Second, I selected the app I wanted to apply passwordless authentication to from the list below:
3) I have chosen GitHub
4) GitHub provided great documentation. Check out this link: https://help.github.com/en/articles/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key
5) I followed the steps and received the recovery codes in case I lose the physical key, and then I enabled SMS two-factor authentication.
6) In my GitHub, I clicked on Settings, located in the parameter tab.
7) Then, in the security key section, I entered a nickname for the security key and clicked on Add. At this point, I was asked to insert my security key into the USB port.
8) The next step was to touch the security key
9) Finally, the key was registered.
10) I disconnected from my GitHub and tried to reconnect. The two-factor authentication screen directed me to click on Use security key.
11) I inserted the key and, finally, I successfully logged in to my GitHub.
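What a website checks after the key is touched in steps 10 and 11 can be sketched in a few lines. This is an added example, not GitHub's or Yubico's code: a software P-256 key pair stands in for the security key, `example.test` and the function names are constructed for illustration, and the counter rule is simplified to "must increase".

```javascript
// Added example: relying-party checks on a WebAuthn assertion (Node.js, built-in crypto only).
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Constructed stand-in for the security key: signs authenticatorData || SHA-256(clientDataJSON).
function simulateAuthenticator(privateKey, rpId, origin, challenge, counter) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = Buffer.alloc(37);
  sha256(Buffer.from(rpId)).copy(authData, 0);  // bytes 0-31: SHA-256 of the relying party ID
  authData[32] = 0x01;                          // flags: bit 0 = user present (key was touched)
  authData.writeUInt32BE(counter, 33);          // bytes 33-36: signature counter
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server side: returns 'ok' or the name of the first failed check.
function verifyAssertion(a, expected) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== expected.origin) return 'bad-origin';
  if (!a.authData.subarray(0, 32).equals(sha256(Buffer.from(expected.rpId)))) return 'bad-rp-id';
  if ((a.authData[32] & 0x01) === 0) return 'user-not-present';
  // Simplification: require a strictly increasing counter.
  if (a.authData.readUInt32BE(33) <= expected.lastCounter) return 'counter-replay';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  // The public key is what the site stored at registration (step 9); the private key never leaves the key.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const challenge = crypto.randomBytes(32);
  const expected = { publicKey, challenge, rpId: 'example.test', origin: 'https://example.test', lastCounter: 4 };
  const good = simulateAuthenticator(privateKey, 'example.test', 'https://example.test', challenge, 5);
  const lookalike = simulateAuthenticator(privateKey, 'examp1e.test', 'https://examp1e.test', challenge, 5);
  const tampered = { ...good, authData: Buffer.from(good.authData) };
  tampered.authData.writeUInt32BE(9, 33);       // altered after signing
  return { good: verifyAssertion(good, expected),
           lookalike: verifyAssertion(lookalike, expected),
           replayed: verifyAssertion(good, { ...expected, lastCounter: 5 }),
           tampered: verifyAssertion(tampered, expected) };
}
console.log(demo());
```

The server only ever holds the public key, so a breach of its database yields nothing that can be replayed as a login, and a response produced for a lookalike origin is rejected before the signature is even checked.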
MFA and passwordless are the future of IT security. Companies must be aware of this and need to implement these technologies.
To be continued…