In this video for Help Net Security, Christofer Hoff, Chief Secure Technology Officer at LastPass, talks about the benefits of passwordless authentication.
The basic components needed to make passwordless authentication a reality are:
- An open, standard set of processes, technologies, APIs, etc., to enable all the various components to work together across devices, operating systems, browsers and applications.
- Support for the creation and storage of cryptographical elements needed to generate pass keys.
- We need to make sure there’s a way of securely making those pass keys available across any device that we need to authenticate.
- We need a way to securely assert that the person who’s attempting to authenticate, actually owns and has the right to use those credentials using standard interfaces, such as biometrics or MFA.
- We need a secure way to recover pass keys, should the device become lost, stolen or inoperable.