Chief Information Security Officer, Head of Enterprise Cyber Security, MassMutual
How Password-less Takes Center Stage for Next Generation of Authentication
For the past 60 years, passwords have been enterprises’ primary authentication method. The assumption that a particular person is the only one with access to that secret is no longer valid, because breaches and credential stuffing techniques have increased exponentially as enterprises expose more services as part of their journey to the cloud. When traditional MFA (SMS text, voice calls, tokens) is used, friction is added for the user, and motivated attackers still find ways to automate the bypass of these controls by creating tools such as Modlishka. The next generation of authentication is not binary, but continuous. It’s not based on a single event in time but rather on real-time data and behavior, with a passwordless foundation. Together with FIDO open standards, these new controls form a powerful combination that enterprises should embrace. In this talk, Jim Routh and Bojan Simic will discuss how this approach can be leveraged for consumers and the workforce to result in lower friction for the user and higher friction for the adversary.