KUALA LUMPUR (Sept 10): Passwords are responsible for over 80% of data breaches and present significant risks by being susceptible to phishing, harvesting and replay attacks, according to the FIDO Alliance, a standards body setting a global standard for authentication.
Passwords have long been the primary method of authentication, but with the increasing sophistication of cyber threats, the need for stronger security measures has become evident, said experts during the FIDO APAC Summit 2024 held in the JW Marriott Hotel in Kuala Lumpur on Tuesday.
Passwordless solutions, such as biometric authentication and hardware tokens, offer enhanced protection by reducing the risk of unauthorised access. These technologies provide a more secure alternative to traditional passwords, addressing vulnerabilities like phishing, credential harvesting and replay attacks, they said.
“Usernames and passwords remain the most common authentication methods in digital services and platforms, yet they also represent one of the weakest links in cybersecurity,” said Datuk Amirudin Abdul Wahad, CEO of Cybersecurity Malaysia, in his congratulatory keynote.
“We face persistent challenges, such as phishing attacks, password breaches and the prevalence of weak or reused passwords. These vulnerabilities jeopardise individual privacy and threaten the integrity of our critical infrastructure and international security.”
The FIDO Alliance, or the Fast Identity Online Alliance, is an open industry association with a mission to reduce reliance on passwords through the use of passkeys, a FIDO-credentialed password replacement that serves as a passwordless authentication method.
“We need to get away from thinking about how to make passwords better by adding on another factor, and think more about the threat. How do we make un-phishable identities, how do we think about that threat?... And that's what passkeys bring to the table,” said Andrew Shikiar, CEO and executive director of FIDO Alliance.
“Over 20% of the world's top websites and services already support passkeys. It's only been two years since we introduced this concept, and one reason why we've seen such rapid adoption is that there's proven success.”
He said that major brands are seeing faster and more successful logins with passkeys, and shared that one of the heads of authentication at Amazon reported a 14% increase in sign-in success rate.
Participating in the summit was Edward Law, CEO of digital security solutions provider Securemetric, which joined the FIDO Alliance in 2015 and has invested heavily in developing FIDO-certified products.
Securemetric is one of the early supporters and developers of FIDO solutions in Southeast Asia and is committed to promoting and contributing to the adoption of FIDO standards across the region to bring secure passwordless solutions to businesses and consumers alike.
During a media briefing, Securemetric chief technology officer Sea Chong Seak demonstrated a use case of FIDO tokens for passkey authentication, which come in a physical form and also as a virtual app on phones.
“Our government is using this type of token for authentication. In relation to what token [can be used], it covers a lot of technical [aspects] including cryptography mechanisms. For example, [the] type of signature [or algorithm] it supports, or [the tokens that] can be used as an authenticated domain name,” he said.