
Why Aren’t We All Using FIDO2 For Corporate Systems?


With my MacBook, I use my fingerprint to log in, and I now increasingly use my watch to authenticate me. For my banking app, I use face recognition, and to pay for my purchases, I now typically use my watch to authorize the payment. We are thus moving towards a world where we get rid of passwords, or at least stop relying on them as the single way to authenticate us. This is especially the case where we are being told that we need increasingly complex passwords, and where a simple PIN and a wearable device are so much more secure than a password. But, still, as employees, we log into our corporate systems using the good old username and password.

Unfortunately, as long as one person falls for a phishing attack, we leave our corporate systems open to stolen user credentials. But, in the future, could something we wear, or something we have, or even our face or fingerprint, be a standard part of logging into our corporate networks?

Protecting against phishing attacks on corporate systems

And so, this week, Cloudflare announced that they had rolled out a FIDO2 authenticator for their employees, which allows users to log in to internal and external systems using a software secured key as a secondary factor [here].


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.