Goodbye, Passwords. Hello, Passkeys!!
Earlier this year, Malaysia’s National Cyber Security Agency (NACSA) passed the Cyber Security Act 854, marking a key step in regulating cyber activity in the country. Rising concerns about phishing scams and increasingly complex identity authentication have affected not just public agencies but also the private and commercial sectors, with user experience suffering as a result. The root issue? Passwords.
Once a foolproof security measure, passwords have become a cumbersome weak point and are difficult to manage. We are advised to use unique passwords for different accounts, which makes them harder to remember. Even then, multi-factor authentication adds extra layers of complexity. It requires a ‘one-time password sent to our email’, or perhaps the name of our last pet… even a secret phrase. These numerous measures were put in place to combat bad actors trying to get our passwords, but they have complicated what should have been a quick and seamless log-in process. The ugly truth is that digital passwords are becoming outdated. The fact that passwords themselves are the main targets of cybercriminals and are not considered strong enough without two-factor authentication should be the biggest red flag for us.
In accordance with their Cyber Security Act 854, NACSA has collaborated with Malaysia’s own Securemetric as well as the FIDO Alliance to host the FIDO APAC Summit 2024 in Kuala Lumpur from 10th to 11th September this year. The FIDO Alliance’s aim has been to reduce overreliance on passwords and promote ‘passkey’ authentication and Fast Identity Online (FIDO).
What Forms of Passwordless Authentication are Out There?
FIDO, as an open industry body, has made strides globally in developing and promoting technical standards for interoperable mechanisms for authenticating users and devices. With these standards in place, the FIDO Alliance has introduced various FIDO-certified vendors and brands that offer passwordless authentication solutions. Fortunately for Cybersecurity Asia (CSA), we had the opportunity to meet some of them at the JW Marriott Hotel where the summit was held.
Some obvious big brands were present, such as Okta, Thales, and RSA. All three brands offer reputable solutions with different approaches to secure authentication. Okta is mainly software-focused, while Thales and RSA offer hardware such as security tokens. These hardware solutions were also demonstrated live by Securemetric’s own CTO, Sea Chong Seak. These security tokens are encrypted and use passkeys (often biometric) to allow users to access their intended platform from any device without app installation. Just plug it in, go to the platform login page, enter your user ID, wait for the platform to challenge your user ID via the security token, input your passkey (thumbprint), and then ta-da! You’re logged in, and not a password in sight. Passkeys have the advantage of eliminating the need for users to memorise functions, and they are kept physically on the user’s person, which gives bad actors no digitally attainable target.
Other FIDO-certified companies from the APAC region were present at the summit, displaying their products and the specialities they focus on. Trusted APAC partners of VinCSS were also present to advertise their FDO (FIDO Device Onboarding) certified IoT solutions. Rather than authenticating ‘people,’ some groups may require a new device to be authenticated when it is onboarded to their IoT. VinCSS is one of the first FDO-certified vendors that provide solutions for the authentication of devices into their IoT. At the FIDO APAC Summit 2024, VinCSS’ partner HiTrust, which is based in Taiwan, was present and active at the event, sharing VinCSS solutions and products with the ASEAN market.
But that covers the onboarding of IoT devices… What about FIDO authentication for edge computing, where the functions of endpoint units are involved? There were vendors well represented at the summit who covered this area as well. Fiducia Edge was one such vendor that caught our attention. Fiducia Edge offers their T-Ree third-party environment solution to ensure a secure space where both users’ raw data and a group-configured operating platform can interact, resulting in output without compromising either side’s data. Additionally, their edge-nodule machines ensure that edge computing is achieved with minimised latency and trusted data transactions.
FIDO, NACSA, & Securemetric Introduce Key Players in Passwordless Authentication
The FIDO APAC Summit 2024 showcased the importance of moving beyond traditional password-based authentication, highlighting solutions that provide stronger security and a more seamless user experience. With the backing of NACSA and Securemetric, the shift toward passkey and passwordless technologies is gaining momentum, with this summit aiming to spread that momentum not just to Malaysia but across the APAC region. The summit not only demonstrated the effectiveness of these solutions for individuals but also emphasised their critical role in the growing world of IoT and edge computing. As cyber threats evolve, FIDO’s standards and innovations offer a promising path forward for a safer, more efficient digital future.