Chief Security Officer at BeyondTrust, overseeing the company’s security and governance for corporate and cloud-based solutions.
It’s a new year and a time for resolutions. Some people will resolve to eat better or exercise more, and others shed bad habits. For me, I resolve to go passwordless (or as much as possible) in 2023. The million-dollar question is how can I, or anyone else, actually achieve this and not compromise security? In fact, the end goal should be to improve your security and lower the risk of being hacked.
To get started, let’s first consider your passwords. What are they and where do you use them? To answer this, there are three primary locations where we use passwords:
1. Operating Systems: Passwords are typically used to log into the operating system after booting or rebooting, and when changing sensitive settings or installing updates.
2. Websites: Any secure website from banking to commerce may require a password to authenticate identity. Security-conscious websites have added extra verification in one form or another, including multifactor authentication or basic two-factor authentication.
3. Locally Installed Applications: Some locally installed applications may require a password to access data or perform sensitive operations. These passwords are typically placed on a file, like a spreadsheet, or used by a local client that authenticates across the network in a client-server architecture.
With these in mind, the technique to remove passwords varies based on your personal technology stack. Please consider:
• Microsoft Windows: Microsoft Windows users have the ability to store passwords and secrets within their browser (e.g., MS Edge and Google Chrome) and within Microsoft Hello technology that uses biometrics for identity verification. Microsoft Hello can be used during all aspects of runtime, including when the operating system boots.
• Apple Mac: Apple Mac users can leverage Apple’s touch