Is Passwordless Authentication Safe?
HTML-код
- Опубликовано: 22 май 2024
- ⚜️ Passwordless authentication removes the need for a password and replaces it with something else. But is that safe?
Passwordless authentication
Passwordless authentication involves not using (or even storing) a password for an online account, but using an alternate mechanism to confirm your identity. The alternate mechanisms are those used as the second factor in two-factor authentication; they just become the only factor. With no password to expose or steal, it can be safer in many instances than traditional authentication. Two-factor authentication remains the most secure of all.
Updates, related links, and more discussion: askleo.com/137786
🔔 Subscribe to the Ask Leo! RUclips channel for more tech videos & answers: go.askleo.com/ytsub
✅ Watch next ▶ How Do Websites Keep Passwords Secure? ▶ • How Do Websites Keep P...
Chapters
0:00 Is Passwordless Authentication Safe?
1:00 It’s like two-factor authentication, just without the first factor
3:44 Why passwordless authentication is interesting
5:24 Passwordless isn’t perfect
6:20 Passwordless hiccups
7:34 Two-factor remains the gold standard
❤️ My best articles: go.askleo.com/best
❤️ My Most Important Article: go.askleo.com/number1
More Ask Leo!
☑️ askleo.com to get your questions answered
☑️ newsletter.askleo.com to subscribe to the Confident Computing newsletter.
☑️ askleo.com/patron to help support Ask Leo!
☑️ askleo.com/all-the-different-... for even more!
#askleo #password #authentication 
Наука
How can it even work?
Email with a link is only one option for Passwordless. There is MFA within other Passwordless options that have no issues like the email delay issue.
Awesome Explication really I understood very well, and I will follow your comments, thanks
Passwordless with microsoft can go horribly wrong since there isnt two factors then giving someonr the first factor and they have full access and can change security info
yubikey ftw
I use it on my lesser accounts. But not on my paypal or bank account. The accounts use my computer I.D. Of course anyone using my computer could log in but it is not likely at all.
The only factor of auth being used here is your email, so this isn't really using MFA. If the email service provider (eg: Gmail) is compromised, a bad actor can access your email and therefore get access your Medium account. One way to mitigate this is using another factor of auth such as an OTP texted to your phone via. This is more secure because while it's somewhat likely that either your email can be broken into or your phone can be stolen, the likelihood of BOTH occurring is negligibly small.
Thank you! Why do you not generally recommend signing in with third-party services, e.g. Google which itself may be strong enough with 2FA enabled whereas the initial website may lack 2FA option?
Because if you lose access to your Google account, OR if that Google account gets hacked, then ALL the associated accounts you've used it to login with are impacted.
@@askleonotenboom understood, thanks! But in your example with the link which is sent to email for login, the problem is basically the same
@@vrubigorful because some website create a fake pop up sign in to google which will send you to a fake google log in page. where you enter your gmail and password and that's it.. you got hacked.
but hey if you sign up there and use the same password as your gmail then that's the same thing. 😂😂
this is why they always remind not to use the same password on all your account.
and google hates it coz they are being blamed for google account getting hacked even if they have very secure server. it's not their fault if you got hacked from other website.
this is why 2FA become a standard. even if both you and the hacker have the password, he can't get through the 2FA.
I don't like having the Microsoft authenticator app requesting access when someone else is trying to get into my account. Seems like they should at least enable a pin before someone can just request to get into your account with passwordless. I don't want to see all the requests in my face if they aren't me. It seems like they should at least have to enter a pin before they can request passwordless entry and that way I wouldn't see any request that didn't have the pin.
I'd feel better with passwordless if you could still keep an option to use a security key too.
Interesting video you are right its not perfect
I currently use a password and the Authenticator app. If my password gets hacked, they still need the authenticator access. On trusted devices I already only have to use the app, instead of a password.
I’m still trying to figure out how passwordless is more convenient and safe
🥲 actually there is a way to get around, just with the password that is why I was looking for passwordless info :c
google "yubikey"
PASSWORDLESS is safe for me because it removes the need to hide my password somewhere OFF of the local computer and the fear of losing that document
Honestly my email account has been getting hacked into let me just say Microsoft/outlook security sucks.
Fir apne kya kiya
Excellent explanation and I concur with your opinion about 2 form factor being gold. I prefer it myself.
However if I loose my phone or stolen it does put a damper or chink in the armor. Or even an Issue with email. I use both authenticator apps, SMS and email with most that would allow it.