Why We Need to Get Rid of Passwords with Passage’s Nick Hodges

Share In
How to Subscribe

Passwords have been around since the 1960s and as a means to keep someone out of a non-connected terminal, they were relatively secure. The scale of a compromised system was relatively low. But the world has changed drastically in that time. Every computer is connected to a massive network of other computers. The impact scale of a compromised password is multiple times more problematic than it was even 30 years ago, yet we continue to rely on passwords as a security means to protect account information.

Security means like longer passwords, more complicated schemes, no dictionary words, and even two-factor authentication have had limited success with stopping hacks. Additionally, each of these requirements adds friction to a user accomplishing their task, whether that's to buy a product, communicate with friends, or login to critical systems.

WebAuthN is a standard protocol for supporting passwordless authentication based on a combination of a user identifier and biometrics. Consumers can simply login via their email and using their thumb print on their phone or relying on facial recognition on their device. Passwordless authentication not only reduces frictions for users, but it removes a massive security vulnerability, the password.

Nick Hodges, Developer Advocate at Passage, joins the show to share his knowledge and expertise about the security issues with traditional passwords, how passwordless works and addresses historical security issues, and how Passage.id can be used to quickly create a passwordless authentication systems for your product.

Topics:

  • What’s the problem with passwords?
  • Why have passwords stuck along so long?
  • What’s it mean to go passwordless?
  • What is a passkey and how do they work?
  • How does the privacy and security of a passkey compare to a standard password?
  • A Passkey is stored within the Trusted Platform Module of a phone. What happens if someone steals my phone?
  • What happens if I upgrade my device? Do my passkeys come with me?
  • What are the potential security risks or limitations of passkey based login?
  • What if I don’t have my phone? Can I still login?
  • Can you share an account with someone else? How does that work?
  • When a business switches over to using a passkey approach, what’s the reaction from their customers?
  • Is there a big educational challenge to convince companies to ditch passwords?
  • Why is a passkey approach to login not more widely adopted? What’s stopping mainstream use?
  • What is Passage and how is helping businesses go passwordless?
  • Who’s your typical customer? Startups just building their auth system or are people replacing existing systems for this approach?
  • What’s it take to get started? How hard would it be for me to rip out my existing authentication and adopt Passage?
  • What are your thoughts on the future of passwords and password security? How far away are we from completely getting rid of passwords?
  • What’s next for Passage? Anything on the future roadmap that you can share?

Resources:

Other Podcast

Bug Bounties, Pentesting, and Automated Security Workflows with Trickest's Nenad Zaric

Former pentester and bug bounty hunter Nenan Zaric joins the show to talk about the types of vulnerabilities that companies should be looking for and about how to automate security workflows through the Trickest platform, a company he founded.

Machine Learning and Privacy at the Edge with Edge Impulse's Daniel Situnayake

Dan Situnayake, Head of Machine Learning at Edge Impulse, joins the show to share his knowledge about the practical privacy and security concerns when working with edge IoT devices and how to still leverage this incredible technology but do so in an ethical and privacy-preserving way.

November 16, 2022

Inside PCI DSS and Privacy for Payments with Skyflow's Bjorn Ovick

Bjorn Ovick joins the show to share his background, thoughts on the evolution of technology in this space, break down PCI DSS, payment processors, and how Skyflow helps not only offload PCI compliance but gives businesses flexibility to work with multiple payment processors.