Identity & Access Control

Conclusion: Credential theft is still one of the prime means of attacking systems. Dictionaries of passwords are readily available (many with millions of passwords). These allow attackers to perform credential stuffing attacks – often successfully.

Eliminating passwords has been difficult in the past. However, the consensus amongst vendors of both software and hardware is to bring to market methods of achieving authentication without passwords. The ubiquity of mobile devices with touch or facial authentication is one prime element.

This is a necessary evolution of authentication.