2. How Does Password Spraying Work?
Attackers repeatedly attempt to compromise password-only accounts, especially on internet-exposed services. They use a list of common usernames and passwords in hopes of finding a match, then “hope and spray” millions of passwords to try to find one that works.
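From the defender's side, this pattern shows up in authentication logs as one source failing against many different accounts with only a few tries each. The following detection sketch is an added example, not part of the original article; the log format, the sample events and the thresholds (5 accounts, 2 tries per account, 10-minute window) are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: "ISO-timestamp source-ip username result"
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice FAIL
2024-05-01T09:00:03 203.0.113.7 bob FAIL
2024-05-01T09:00:05 203.0.113.7 carol FAIL
2024-05-01T09:00:07 203.0.113.7 dave FAIL
2024-05-01T09:00:09 203.0.113.7 erin FAIL
2024-05-01T09:00:11 203.0.113.7 frank OK
2024-05-01T09:01:00 198.51.100.4 alice FAIL
2024-05-01T09:01:05 198.51.100.4 alice FAIL
2024-05-01T09:01:09 198.51.100.4 alice OK
2024-05-01T09:02:00 192.0.2.9 svc-backup FAIL
2024-05-01T11:30:00 192.0.2.9 carol FAIL
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, user, result = parts
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources whose failures hit many distinct accounts, few tries each."""
    events = sorted(parse(log))
    fails = defaultdict(list)  # source -> [(timestamp, username)]
    for ts, src, user, result in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    alerts = {}
    for src, items in fails.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward
            per_user = defaultdict(int)
            for _, user in items[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                t0 = items[start][0]
                hit = {u for t, s, u, r in events
                       if s == src and r == "OK" and t0 <= t <= t0 + window}
                alerts[src] = {"targeted": sorted(per_user), "succeeded": sorted(hit)}
                break
    return alerts
```

Accounts listed under `succeeded` logged in from the flagged source during the same window and are the first candidates for a credential reset. A user repeatedly mistyping a single password, as 198.51.100.4 does in the sample, does not trigger the rule.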
3. How Can an Organization Start to Prepare for a Passwordless World?
At a minimum, ensure two-factor authentication is in place. That level of authentication will require you to set up the necessary infrastructure and learn more about passwordless authentication. You can also learn about industry standards such as Trusted Platform Module (TPM) and FIDO that set forth strategies for replacing passwords.
4. What Is a Passkey, and How Does It Work?
A passkey is typically a PIN that’s part of public-private key cryptography. It’s a private key that unlocks an account secured by a public key. A public key cryptographically linked to the private key is then verified, providing secure passwordless authentication.
5. What Are Healthcare's Concerns about Passwordless Workflows?
Healthcare organizations are subject to strict regulations such as HIPAA. Before embarking on this journey, organizations must ensure they follow all HIPAA requirements to protect patient health information. Healthcare facilities also have a massive attack surface, with thousands of connected medical devices used by clinicians. Roaming devices are a key concern because of the need for providers to reauthenticate themselves. A proper training program is critical for a successful passwordless system rollout.