Clifford Stoll, author of The Cuckoo’s Egg, an investigation into the hacking of the Lawrence Berkeley National Laboratory that led to the capture of hacker Marcus Hess, famously said: “Treat your password like your toothbrush. Don’t let anyone else use it and get a new one every six months.”

The paper, How Effective is Multifactor Authentication (MFA) at Deterring Cyberattacks? concludes that implementing MFA leads to a 99.22% reduction in the risk of compromise across the entire population, and a 98.56% reduction even in cases where credentials have been leaked.

To be clear, MFAs can be hacked. Roger Grimes, defense evangelist at KnowBe4, published a 41-page ebook in which he details over 12 ways to hack MFA but that’s for another podchat.

In this Podchat, we revisit the continuing evolution in password use, and the potential influence of artificial intelligence on both sides of the identity protection fence. Andrew Shikiar, executive director with FIDO Alliance, joins us once again, to walk us through key findings in the Online Authentication Barometer and what this means to use in Asia.

1. FIDO was founded in 2012. Twelve years on, why are organisations/users still relying on passwords to access systems and data?

2. How has generative AI reshaped the cybersecurity landscape, particularly when it comes to identity access management?

3. How can passwordless authentication methods, like biometrics or passkeys, help protect against AI-driven cyber threats?

a. What makes them (passwordless authentication techniques) more secure than traditional password systems?

4. Are there any specific industries or sectors that are particularly susceptible to AI-fueled scams?

a. Why are these organisations at greater risk from AI-fueled scams?

5. How can they benefit from implementing passwordless authentication to enhance their security posture?

6. 2024 is just around the corner. What can we expect as regards how organisations secure access to data and systems?

7. As more enterprises use cloud, how should CISOs and CIOs engage their cloud service providers as regards the use of passkeys and other authentication technologies?