hensive MFA system, although it can also function in a standalone manner. Risk is largely limited, although the chance of email or device infiltration could pose a problem. Biometric Verification Far less common, especially in a small business setting, is biometric authentication. This method assesses the physical attributes of the user to ascertain their identity. Typically, the system analyzes distinguishing characteristics such as fingerprints, eyes or other facial characteristics. The biggest benefit is that the traits are unique to the user, thus preventing issues such as password theft or poor judgment. Potential limitation, meanwhile, relates to the technology’s effectiveness, backend issues such as network and data hacks, other forms of fraud, sensor spoofing and issues related to the integrity of the stored biometric data. Still, these are unlikely. For many small businesses, sadly, employing across-the-board biometric verification can be a costly process; it requires a unique physical scanner for each individual end user, and cloudbased capabilities are not currently supported. Those favoring biometric and other passwordless systems, however, will readily point out that its cost is more than offset by the money saved in not having critical information stolen. The Third-Party Login Although not traditionally passwordless, the option for third-party credentialling is appealing for many smaller organizations because it removes the need to remember multiple passwords for any number of accounts. Companies such as Google began supporting this concept several years ago, citing the convenience of using just their own credentials to access many different thirdparty services. Despite the comfort of being able to forget one’s passwords in this way, this practice has its consequences. On the heels of massive data breaches for companies such as Yahoo, LinkedIn and Facebook, numbering in the millions and billions of victims, the concept of third-party logins can be an ill-advised gamble. The FIDO Architecture The concept behind fast identity online (FIDO) includes open-authentication standards for helping providers to leverage passwordless user authentication. These standards came about as a result of the FIDO Alliance, which includes contributions from Microsoft, Apple, Google and others. FIDO allows the employee to use a device in a manner similar to a physical security card, making aspects such as public key cryptography (PKC) and biometrics more commercially accessible. Using a FIDO-based authenticator allows the organization to generate user credentials with both a private (stored by the authenticator) and public (shared with the service) key component. Popular sites such as Google Accounts, Dropbox, GitHub and Twitter employ FIDO authentication due to its advantages for business (protection), developer (streamlined APIs) and end user (convenience and security) alike. So, how feasible is passwordless protection? The answer likely depends on the nature of one’s operations. Is sensitive information encrypted? Do employees have their own logins? Is the expenditure practical? For some, the idea of going passwordless is a great, low-risk investment. These options generally work because they can be easily outsourced and implemented while requiring minimal backend understanding. More importantly, going passwordless limits dangerous exposure as a result of poor decisions or organizational policy. And for the SMB, any opportunity to limit threat with minimal investment is a win-win. o 43% 41% 40% 38% 33% 33% 31% 31% 27% 27% 3% 57% 56% 50% 45% 40% 35% Challenges of deploying a passwordless authentication model Source: LastPass, LogMeIn Global Survey Financial investment Regulations around the storage of the data Time Resistance to change from employees Lack of skills and knowledge Resistance change from IT department Passwords will never truly be eliminated Sense of being afraid to change what we already know Complicated to implement Concerns that it is less secure No challenges Most U.S. IT Pros Feel Optimistic About Role Sourc : CompTIA Demand for skills leading to career options Importance of tech to business objectives Reliance on technology following pandemic Strong network of technology professionals Perception that tech helps society Diverse skills available for exploration THE CHANNEL MANAGER’S PLAYBOOK 20