I speak to many CISOs who are in charge of protecting enterprises with many employees. One topic that is raised time and again is … phishing.
Yes, phishing is still a thing in 2021, and there is still no specific technology solution for it.
If you were working for the “other side” and knew that the credentials to get into accounts were static, user-created and could be phished — what would you do?
You would phish the users into handing over their credentials.
One reason that the passwordless revolution is gaining more momentum is the fact that, without passwords, an entire attack vector is eliminated.
If the user has no username and password to log in with, it’s one less thing for a CISO to lose sleep over.
Moreover, storing the credentials inside users’ devices makes it harder for the bad guys to go after any one system that stores many credentials. It forces the attacker to hunt and peck, one account at a time.
This will create a sea change in the cyber wars, where the attacker is now forced to change their strategy.
“Thus, what is of supreme importance in war is to attack the enemy’s strategy” – Sun Tzu, The Art of War