Check out all the on-demand sessions from the Intelligent Security Summit here.
When it comes to security, passwords often aren’t an asset, but a liability. They provide cybercriminals with an entry point to protected information which they can exploit with phishing scams and social engineering attempts, to manipulate users into handing over personal information.
With 15 billion passwords exposed online, something needs to change. Many providers are positing that the solution to this problem is to get rid of passwords altogether.
Now, as Apple iOS 16 launches today alongside macOS Ventura, users will be able to log in with Passkeys on iPhone, iPad and Mac, using biometric authentication options like Touch ID and Face ID, which are synced across the iCloud keychain.
For enterprises, the launch highlights that passwordless support is becoming more widespread and sophisticated among consumer-focused vendors, driving an authentication movement which could eventually eliminate credential theft.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
The state of password-based security
As of 2022, the state of password-based security is a mess, with 85% of users using the same password across multiple sites, while 81% of the companies in the FTSE 100 have had at least one credential compromised and exposed on the dark web.
The launch of iOS 16 and the increasing emphasis on security options like passwordless authentication could play a significant role in shaping the development of other password-free authentication solutions.
It’s worth noting that the launch also comes shortly after Apple announced that it had discovered two zero-day vulnerabilities for iOS 15.6.1 and iPadOS 15.6.1, which could enable hackers to execute malicious code remotely.
However, enterprises and users can’t afford to rely on passwordless authentication as a silver bullet to protect against security threats like phishing going forward.
“Phishing isn’t just about sign-in details, there are many forms of social engineering that can lead to PII theft, malware installation and more,” said Michael Covington, VP of Portfolio Strategy at Jamf.
“Passkeys is a great technology, particularly for consumers who might not currently use a password manager. But when it comes to enterprise use, there is always a need for layers of defense,” Covington said.
Beyond Passkeys and passwordless authentication
In practice, Covington recommends that businesses should layer critical device and patch management tools, with endpoint security and web filtering technologies to protect against vulnerabilities, endpoint, and web-based threats.
While Passkeys is one of the main security features included with iOS 16, users should note a number of other security features too.
These include Safety Check, which enables users on iPhone to revoke access that people and apps have to their location, and provides additional privacy protections.
However, perhaps the most relevant inclusion for enterprises is Lockdown mode, which “provides extreme protection for the very small number of users who face grave targeted threats to their digital security.”
Lockdown Mode limits apps and websites, enables users to turn off images and link previews in messages, and restricts FaceTime calls from unknown numbers.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.