01 May

3 Min read

World Password Day: Time to Ditch Passwords for Good?

May 1, 2025 Nok Nok News 0 comments

World Password Day: Time to Ditch Passwords for Good?

Every year, World Password Day comes around, reminding us to update our passwords. But this year, let’s ask a bigger question: Is it time to move beyond passwords altogether? At Nok Nok, we think so. Passwords have served us well, but in today’s digital landscape, they’re becoming more of a liability than an asset.

The History of Passwords: From Watchwords to Digital Headaches

Passwords have a surprisingly long history. From the Roman “watchwords” to Prohibition-era speakeasies’ secret phrases, the concept of using a secret word or phrase for identification has been around for centuries. In 1961, MIT’s Fernando Corbató invented the first digital password, allowing multiple users to share a computer securely.

However, as technology evolved, so did the number of passwords we needed to remember. Today, the average person juggles over 100 passwords. This has led to password fatigue, with many people reusing weak passwords or relying solely on their memory, both of which are risky.

The Problems with Passwords

Passwords are inherently flawed. Here are some of the key issues:

Password overload: With so many accounts, people often reuse passwords or choose weak ones, making them easy targets for hackers.
Phishing and brute force attacks: Cybercriminals frequently target passwords because they are relatively easy to steal or guess.
Password sharing: Sharing passwords, even with trusted individuals, increases security risks.
Password managers: While helpful, if the master password is compromised, all stored passwords are at risk.
AI cracking: Artificial intelligence can now crack common passwords in seconds, making traditional password security even less effective.

The Passwordless Future: A More Secure and Convenient Solution

At Nok Nok, we believe the future is passwordless. Passwordless authentication uses things you have (like your phone) or things you are (like your fingerprint) to log you in securely. This eliminates the need for passwords altogether.

Benefits of Going Passwordless

Stronger security: With no password to steal or guess, security is significantly improved.
Better user experience: Users no longer need to remember multiple passwords or go through password reset processes.
Lower costs: Fewer password resets mean less IT support and reduced costs.

How Nok Nok Enables Passwordless Authentication

Nok Nok provides best-of-breed passwordless solutions that make it easy to migrate from legacy to modern authentication methods like FIDO. Our proven platform supports:

Passkey authentication: Across the widest range of devices
Device-based for added security: Use a mobile device with a native app or a hardware token for authentication.
Flexible integration: Works seamlessly with existing apps and systems.

We work with various organizations, including top banks, retailers, and healthcare providers, to help them transition to passwordless authentication.

This World Password Day, consider moving beyond passwords. Let Nok Nok help you embrace a more secure and convenient future. The best password is no password at all. Maybe going forward we should rename this day to World Passkey Day, and eliminate passwords all together.

30 Apr

4 Min read

Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective

April 30, 2025 Nok Nok News 0 comments

Verizon 2025 DBIR: Credential Attacks Still Dominate – A Nok Nok Perspective

The Verizon 2025 Data Breach Investigations Report (DBIR) paints a clear, urgent, and yet familiar picture: password-related attacks remain the number one threat to organizations worldwide. As a leader in passwordless authentication, here at Nok Nok, we see the findings as both a wake-up call and a validation of our mission to move everyone beyond passwords.

Key Findings: Passwords and Credential Abuse Remain Top Risks

The report highlights several critical points regarding the persistence of credential-based attacks:

Stolen Credentials Are the Primary Entry Point: Credential abuse was the initial vector in 22% of breaches globally, making it the single most common way attackers get in. Attackers aren’t hacking their way in-they’re logging in through the front door using stolen, guessed, or leaked passwords.
Web Application Attacks Rely on Credentials: A staggering 88% of basic web application attacks involved stolen credentials. This highlights how password reuse and weak password policies continue to undermine security.
Phishing and Social Engineering Fuel Credential Theft: Phishing accounted for nearly 25% of breaches, and social engineering remains a top tactic for stealing login information. The median time for a user to click a phishing link was just 21 minutes-far faster than most organizations can detect and respond. Yikes!
Infostealers Target Devices and Credentials: 30% of infostealer-compromised systems were enterprise-managed, but 46% were unmanaged, often personal devices used for work (BYOD). This exposes organizations to credential theft outside their direct control.
Ransomware and Credentials: Ransomware was present in 44% of breaches, and infostealer logs containing corporate credentials were found in over half of ransomware victims. Credentials are often the first step to a much larger compromise.

Other Notable Trends from the 2025 DBIR

Beyond credential attacks, the DBIR also highlights other significant trends:

Exploitation of Vulnerabilities: Exploits targeting unpatched edge devices (like VPNs and firewalls) surged by 34%, now accounting for 20% of breaches. Attackers are increasingly automating the exploitation of known and zero-day vulnerabilities.
Third-Party Breaches: The share of breaches involving third parties doubled to 30%, highlighting the risks in supply chains and partner ecosystems.
Human Error: Human involvement remains a factor in 60% of breaches, reinforcing the need for user training and better security design.
Remediation Gaps: Only 54% of vulnerable edge devices were patched, with a median fix time of 32 days-leaving a wide window for attackers.

Why Passwords Remain the Weak Link

The DBIR’s findings confirm what we at Nok Nok have long argued: passwords are fundamentally flawed as a security mechanism. Attackers exploit them because:

They are easily stolen via phishing, malware, or leaks.
Users often reuse passwords, at work and at home, across multiple sites.
Passwords can be guessed, brute-forced, or found in breached databases.
Device and BYOD risks mean credentials can be compromised outside IT’s visibility.

As the report states, “Credential theft continues to be the key to the kingdom in the majority of breaches. And it’s not slowing down”.

The Path Forward: Passwordless Authentication

For organizations looking to break the cycle, the DBIR offers a clear mandate: move beyond passwords. Here’s how Nok Nok recommends responding:

Adopt Passwordless, Phishing-Resistant Authentication: FIDO-based authentication(aka passkeys) eliminate the risks of credential theft, phishing, and reuse by removing passwords from the equation.
Enforce Strong Access Controls for Devices: Ensure only managed, secure devices can access sensitive systems-especially in BYOD environments.
Accelerate Patch Management: Reduce the window for vulnerability exploitation by patching edge devices and VPNs rapidly.
Invest in User Training and Real-Time Detection: While technology is critical, user awareness and rapid response to phishing remain essential.

Conclusion: The Time to Act Is Now

The 2025 Verizon DBIR makes it clear: attackers are evolving, but they still rely on the same old trick – stealing passwords. Why? Because it’s the least path of resistance. Why spend time hacking when you can just log in instead? As long as organizations depend on passwords, breaches will continue. At Nok Nok, we believe the solution is simple: eliminate passwords, embrace modern authentication, and close the door on credential-based attacks for good. This gets us out of the arms-race and leap-frogs credential based attacks. If you’re attending Kuppinger Cole EIC 2025, our very own Rolf Lindemann, Vice President, Products, will be speaking to this very topic!

The future of security is passwordless. Let’s make 2025 the year we finally leave passwords behind.

02 Apr

3 Min read

Another Step Towards a Passwordless Future

April 2, 2025 Nok Nok News 0 comments

Another Step Towards a Passwordless Future

Microsoft’s announcement that it will be replacing passwords with passkeys for over a billion users by 2025 is huge news for the entire digital security landscape. At Nok Nok, we’re not just excited – we see this as the right approach, and another step on the long-overdue journey toward a passwordless future.

Why Microsoft’s Move Matters
Microsoft’s decision to make passkeys the default sign-in method across its platforms (including Outlook, Xbox, and Microsoft 365) is a powerful endorsement of passwordless authentication.

Here’s why we think it’s so important:

Reach: Microsoft can bring passwordless authentication to a massive audience. Educating their users about the benefits and ease of use of passkeys will accelerate adoption across the board.

Security: Passkeys, built on FIDO standards, offer significantly stronger security than passwords. They are resistant to phishing, keylogging, social engineering, and other common attacks that passwords are vulnerable to. With cyberattacks targeting login credentials on the rise, this enhanced security is purpose-built to meet security needs.

User Experience: Microsoft is focusing on a streamlined sign-up and sign-in process, making passkeys easy to adopt and use. By making the user experience simple and intuitive, they are removing a major barrier to adoption.

Another Nail in the Password Coffin
For years, passwords have been the weakest link in online security. They are hard to remember, easy to guess, and constantly targeted by attackers. The industry has known this for a long time, and we’ve been working towards a better solution. Microsoft’s move is another big step in getting rid of passwords once and for all, leading us closer to a more secure online world.

What This Means for the Industry
Microsoft’s commitment to passkeys will likely have a ripple effect across the industry. As more and more users experience the benefits of passwordless authentication, other companies will be compelled to follow suit. This increased adoption will drive further innovation and standardization in the passkey space, making it easier for everyone to implement and use passwordless solutions.

Why We’re Thrilled Here at Nok Nok
We here at Nok Nok have been a pioneer in passwordless authentication, and we’re excited to see a tech giant like Microsoft championing passkeys. We know that passkeys are the future of authentication. Microsoft’s initiative validates our vision and demonstrates the growing momentum behind passwordless technology. We have been building and deploying FIDO-based passwordless solutions for over a decade and our FIDO-certified solutions are deployed at internet scale to hundreds of millions of global end users. We are ready to support businesses in implementing passkeys and are excited about helping make the internet safer for everyone!

27 Mar

2 Min read

Enhancing Amazon Cognito with Nok Nok’s FIDO-Certified Authentication

March 27, 2025 Nok Nok News 0 comments

Enhancing Amazon Cognito with Nok Nok’s FIDO-Certified Authentication

We’ve recently made an exciting announcement about what Nok Nok is doing with Amazon, and we’re proud of it. We’ve made our Nok Nok Authentication Cloud available for Amazon Cognito, directly from AWS Marketplace, which means businesses can easily integrate our exceptional authentication into their Amazon Cognito deployment.

Organizations using Cognito can now make logging in safer and easier. Instead of using passwords, organizations can implement phishing-resistant, FIDO-certified authentication with a seamless user experience through advanced technologies and adaptive security measures. Our Nok Nok Authentication Cloud prevents account takeover and fraud while offering a frictionless login experience tailored to modern security needs.

What’s really cool and the best part about the integration is that Nok Nok Authentication Cloud makes it easy to transition from legacy methods to modern FIDO-based passkey authentication, simplifying the complexities across platforms and devices. This means organizations can take advantage of features like adaptive authentication policies, which, once configured, will adjust authentication paths based on contextual data like existing credentials, device type, device health, and location. This flexibility allows Amazon Cognito customers to select the authentication options best suited to their application ecosystems while ensuring they stay ahead of evolving cybersecurity standards.

This is a big deal for organizations using Amazon Cognito because it simplifies the process of implementing secure authentication. They can get it directly from the AWS Marketplace, which makes it easy to set up and manage, helping them stay ahead of evolving cybersecurity threats.

We’re proud to have our Nok Nok Authentication Cloud available to Amazon Cognito users because it will help these organizations combine security with a smoother user experience. And since it’s integrated with the marketplace, it’s easy for companies to purchase, adopt, and use.

If you’d like more information, please check out this integration video and contact us via the form below.

31 Jul

3 Min read

Navigating the Path to Passkeys: One Approach Does Not Fit All

July 31, 2024 Nok Nok News 0 comments

As businesses and government organizations embark on their journey towards implementing passkeys, careful planning and consideration of various factors are crucial to ensure a smooth transition. We think one of the most critical and valuable to the organization is “the path” – where to start, and how to stage the phases. Passkeys offer numerous benefits, including enhanced security, improved user experience, and reduced operational costs. But careful consideration of the steps that surround the actual passwordless path is critical, especially for organizations in high security and regulated markets.

What are all these steps and why are they important in migrating to Passkeys?

Defining Goals and Priorities

Before diving into implementation, organizations must first define their specific goals and priorities for adopting passwordless technologies. Whether the aim is to bolster security measures, streamline user access, or cut down on operational expenses, clarity on objectives is essential from the outset.

Assessing Current Security Infrastructure

With goals and priorities aligned, next up is understanding the current state of the organization’s security infrastructure. Too often organizations will miss a step as they haven’t identified potential gaps in existing solutions and assessing security posture are vital steps in preparing for the transition to passwordless authentication. This is particularly critical in industries with stringent regulatory requirements, such as finance and healthcare, where compliance and data integrity are paramount.

Prioritizing Use Cases

Once goals are established and the security landscape is assessed, prioritizing use cases becomes the next step. Different applications and user interactions may require varying levels of security and access control. Thus, businesses must identify which use cases are most critical and prioritize them accordingly. This involves determining which use cases necessitate the highest level of security and which could benefit from a simplified user experience.

Paths to Implementing Passwordless Solutions

With these considerations in mind, we have learned that organizations can explore various paths towards implementing passwordless solutions, each tailored to specific needs and use cases with related benefits. Where an organization starts depends on their goals and priority use cases. For example, for organizations with a mobile first strategy and high security needs, they may consider “hardening” their mobile application with a device-bound passkey first as most companies are enabling biometrics in a less secure way. This provides a “trust anchor” through the mobile app. Alternatively, businesses can opt to start by replacing passwords in applications with synced passkeys, either for web-only usage or across both web and native applications. There are pros and cons to consider and it’s important to understand the security and user experience ramifications. For high security markets, combining device bound and synced passkeys can enable organizations to address various use cases in the most convenient and secure manner.

Planning and Rollout

While these paths may seem straightforward, transitioning to passwordless requires meticulous planning and phased rollout. Testing and refining your approach in controlled environments allows organizations to mitigate risks and make necessary adjustments based on initial feedback and performance. This approach ensures a smoother transition and enhances both security measures and user satisfaction.

For businesses seeking guidance on navigating the complexities of implementing passwordless authentication, partnering with experienced providers like Nok Nok can offer invaluable support and expertise. With over a decade of experience in deploying FIDO-based solutions for trusted brands across various industries, Nok Nok is well-equipped to assist organizations in transitioning to a passwordless future.

To learn more about accelerating your journey towards passwordless authentication, reach out to Nok Nok today.

25 Jun

4 Min read

Moving to Zero Trust – Implementing M-22-09 – Time is Running Out

June 25, 2024 Nok Nok News 0 comments

Just over three years ago, the Biden Administration released Executive Order (EO) 14028 - Improving the Nation’s Cybersecurity. The EO marked a significant milestone in the ongoing battle against cyber threats, acknowledging the critical need to fortify the nation's digital defenses in an increasingly interconnected and vulnerable landscape.

27 Oct

3 Min read

Authenticate 2023: The Tipping Point for Passkeys and Passwordless Authentication

October 27, 2023 Matt Lourie 0 comments

Last week, Nok Nok attended Authenticate 2023, the industry’s only conference dedicated to all aspects of user authentication, with a focus on FIDO. According to a poll, over half of the attendees were new to FIDO, highlighting the growing interest. It was incredible to see how far the industry has come. When the FIDO Alliance was first founded 11 years ago by Nok Nok and 5 other visionary co-founders, passwordless authentication was just a bold theoretical idea. This, however, marked the start of an industry movement to passwordless authentication. With over 600 attendees representing major platforms, vendors, and industries, Authenticate 2023 demonstrated the tremendous momentum and excitement building around passkeys.

Passkey Readiness

Leading up to the conference, Google and Apple made big announcements concerning passkeys. All users signing in to Google accounts will be prompted to create and use passkeys instead of passwords. Similarly, Apple announced their plans to automatically assign a passkey to a user’s Apple ID when it launches iOS 17, iPadOS 17 and macOS Sonoma.

These major industry roll outs signal that passkeys are ready for mainstream adoption everywhere we currently use passwords. There were many sessions on passkey success stories, with practical advice on real-world implementation and deployment considerations.

User Experience is Key for Growth

One key focus at Authenticate 2023 was the importance of optimizing the user experience for passkeys. There were many informative sessions covering how to refine the passkey authentication experience for users. Speakers shared user experience (UX) design principles to keep in mind, accessibility considerations for inclusive authentication, and ideas for balancing strong security with usability in passkey flows. The sessions made clear that while technology may enable passwordless authentication, thoughtfully designing the UX is crucial for driving mass adoption.

FIDO Adoption

With passkeys becoming more widely used, the conference examined deployment challenges, best practices, and lessons learned for a wide range of workforce and consumer-facing use cases. These included fintech (Intuit), media, e-commerce, travel, and gaming. The sessions provided key takeaways for organizations implementing FIDO-based authentication including Nok Nok’s session by Dr. Rolf Lindemann on Strategies for Using Passkeys in Regulated Markets.

FIDO Usage in the Government

Several sessions dove into adoption of FIDO standards and passkeys by government agencies. There was recognition that while Personal Identity Verification (PIV) cards are vital for government use cases, FIDO has an important role to play in addressing gaps where PIV cards are not viable. These insights highlighted the complementary value and growing role passkeys are playing in public sector digital transformation. For more information, see the recently published FIDO Alliance Guidance for the US Government.

From major platform announcements to real-world deployment lessons learned, Authenticate 2023 showcased the enormous progress and potential of passwordless FIDO-based authentication. As passkeys and FIDO standards continue to gain momentum, the conference provides valuable insights for any organization implementing modern authentication.

11 Oct

3 Min read

Ditch the Passwords and Embrace Passwordless Solutions for Effortless E-Commerce

October 11, 2023 Nok Nok News 0 comments

In our hyper-connected digital era, where online shopping is an integral part of our lives, the cumbersome process of creating and managing passwords has become a significant roadblock for e-commerce platforms. A study by NordPass reveals that a typical internet user juggles between 70 to 80 different passwords, highlighting the complexity users face in managing their online identities. It’s high time we explore more convenient and secure alternatives to passwords to enhance the online shopping experience.

Imagine signing up for e-commerce websites with the same ease and simplicity you experience when unlocking your mobile device using facial recognition or a finger swipe. The prospect is intriguing, practical and when done correctly, more secure. Biometric authentication could potentially revolutionize the way we interact with online platforms, particularly in the realm of e-commerce.

One of the costly issues faced by e-commerce sites is shopping cart abandonment, which accounts for a staggering $18 billion in lost revenue annually. A significant portion of this abandonment stems from the cumbersome process of creating a password during the checkout process. When users are prompted to create an account with a password, especially when they are trying to complete their transaction, friction is introduced. This friction can discourage potential customers, leading them to opt for a guest checkout and even abandon their carts.

The consequences of this friction extend beyond lost sales. E-commerce platforms miss out on the opportunity to build customer loyalty and gather valuable customer data for tailored marketing strategies. When users opt for guest checkouts, companies lose the chance to personalize their outreach and marketing efforts. Marketing is all about understanding your audience, and the more information a company has about its users, the better they can target and engage prospective customers effectively. Studies show that users who create accounts have a 10% higher average order value.

What if e-commerce websites offered an alternative solution to the traditional password setup, allowing users to employ biometrics for authentication in the form of “one-step checkout” so that customers don’t have to enter their information repeatedly? Passwordless authentication that utilizes biometrics, such as touch ID and Face ID can provide a seamless and secure user experience. No need for complex passwords! Additionally, implementing FIDO-based Passkey authentication solutions, like those offered by Nok Nok, can protect users from the most common type of attack – phishing – making it extremely difficult for malicious actors to gain unauthorized access to accounts. This proactive approach to security not only benefits customers but also strengthens the credibility and trustworthiness of e-commerce platforms.

By embracing passwordless authentication solutions, e-commerce platforms can simplify the onboarding process leading to increased account creation and reduced cart abandonment rates. The seamless experience would encourage users to complete their purchases, engage more often and potentially foster long-term relationships, leading to increased revenue and enhanced customer loyalty.

It’s evident that the traditional method of creating and managing passwords is outdated and cumbersome, particularly in the fast-paced world of e-commerce. Implementing FIDO-based passkey authentication can be a game-changer, providing users with a more convenient and secure means of accessing e-commerce sites. It’s time for the industry to embrace these innovative authentication methods and elevate the online shopping experience for everyone.

17 Feb

1 Min read

Nok Nok Featured on Keen On

February 17, 2023 Nok Nok News 0 comments

Nok Nok on KEEN ON. When Will Silicon Valley Fix its Annoying Password Problem? Nok Nok’s Phillip Dunkelberger on digital technology that might finally kill the online password as featured on the KEEN ON podcast with Andrew Keen. In this KEEN ON episode, Andrew Keen talks to Nok Nok CEO Phillip Dunkelberger on digital technology that, he promises, will finally kill the online password.

View more KEEN ON content here and enjoy additional Nok Nok Videos here.

12 Jan

1 Min read

Customers Don’t Need a Password

January 12, 2023 Nok Nok News 0 comments

In this video, we discuss how your customers don’t need a password with a passwordless authentication solution from Nok Nok. Eighty percent of all cybercrime starts with stolen passwords. Beyond that your customers hate passwords, forget passwords, and use up your valuable resources to reset passwords. But with Nok Nok’s solutions, your customers don’t need a password. That’s because Nok Nok provides passwordless authentication, including expert support for passkeys, that allows customers to easily and securely access your services. That saves time, saves money, and improves the trust your customers have placed in your brand. Choose the company with the largest banks, telcos, and financial services trust to protect their customers. Choose Nok Nok, the global leader in passwordless authentication.

Connect with us on Linked IN

Schedule a Free Learning Session