#285 - Passwordless Authentication (with Nishant Kaushik)

#285 - Passwordless Authentication (with Nishant Kaushik)

From CISO Tradecraft® by G Mark Hardy & Ross Young

May 25, 2026 · 42 min · Episode 285

About this episode

G. Mark Hardy and Nishant Kaushik discuss the shift towards passwordless authentication and its implications for cybersecurity.

In this discussion, G. Mark Hardy and Nishant Kaushik explore the necessity of moving beyond traditional passwords, which they define as the original sin of cybersecurity due to their vulnerability to credential stuffing and phishing attacks. Kaushik explains that the FIDO Alliance promotes a passwordless future by replacing shared secrets with asymmetric cryptography, utilizing private keys stored on smartphones or hardware tokens like YubiKeys to ensure phishing-resistant authentication. The conversation highlights that identity is the new perimeter, shifting the focus from human-memorized codes to biometric verification and device-bound passkeys that verify user presence. Ultimately, the experts warn that a secure transition must include robust account recovery flows, as failing to secure the "back door" renders even the most advanced cryptographic-based authentication vulnerable to exploitation. FIDO Alliance - https://fidoalliance.org/

People in this episode

Host: G. Mark Hardy

Guest: Nishant Kaushik

Topics covered

  • passwordless authentication
  • cybersecurity
  • credential stuffing
  • phishing attacks
  • biometric verification
  • asymmetric cryptography

Keywords

  • passwordless
  • authentication
  • cybersecurity
  • FIDO Alliance
  • biometric
  • asymmetric cryptography
  • credential stuffing
  • phishing

Mentioned in this episode

Organizations: FIDO Alliance, YubiKeys

More episodes of CISO Tradecraft®

Explore listener stats, chart rankings, contacts and more on the CISO Tradecraft® podcast page.