Can passwordless logins ever exist outside of web applications?

1.2k views3 Upvotes5 Comments

CISO in Software, 201 - 500 employees
Passwordless logins with tokens do work but when you go with passwordless logins, what you rely on instead is something I have that can be stolen. The security of two-factor authentication (2FA) using your phone—as something I have—has already been broken.
2 2 Replies
Board Member in Healthcare and Biotech, 1,001 - 5,000 employees

@Dan Would like to know more about the broken 2FA on the phone assuming that does not use SMS.

CISO in Software, 201 - 500 employees

SMS, Keys, etc... any of those can physically  stolen and/or cloned.  The bottom line is no 2FA is bulletproof... but it still does SIGNIFICANTLY increase security, as it increases the risk (of getting caught) and difficulty of the attack (e.g. proximity to the target, stealing something physical all increase the likelihood of getting caught).   

So just saying that 2FA is definitely worth the increase in security,  however have no illusion that it is bulletproof and can 100% prevent fraud. Know the limitations of your technology,  know you're enemy, and know thyself.

CISO in Software, 51 - 200 employees
Even with YubiKeys, etc., it's like RSA all over again: I used to have boxes of RSA tokens because everybody kept losing them and we were constantly reassigning tokens. So I see that happening with YubiKey as well and other hard code vendors like that.
Director of IT in Software, 10,001+ employees
FaceID and TouchID without a password fallback should be possible now with technology. Its always the edge cases that warrants the password as a fallback.

Content you might like

crowd strike38%

sentinel one56%

carbon black5%




CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
46.4k views133 Upvotes324 Comments

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.53%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.12%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


9.2k views9 Upvotes1 Comment