How passwordless authentication boosts UXFred O'Connor | February 25, 2020
Businesses are starting to rethink the user experience around how their employees authenticate. As smartphone and mobile apps have made accessing information faster, easier and more convenient in our personal lives, completing this task in our professional lives still remains challenging.
Consider how you access your mobile phone. You likely touch a fingerprint sensor to unlock your phone or maybe you use facial recognition. So you’re essentially performing two-factor authentication (the mobile phone counts as possession and your biometrics counts as inherence) and quickly unlocking your phone without typing in a code or password.
Now think about how you access work applications. The authentication process likely isn’t as effortless or fast. You probably have to enter a password filled with special characters, upper case letters and numbers to access an application. And if your company requires two-factor authentication, you’re probably also entering a one-time passcode that’s emailed or texted to you, or you’re getting it from a mobile app like Google Authenticator. Or maybe your company still uses hard tokens that you have to carry around.
Bottom line: your work authentication experience probably isn’t as effortless or positive as your consumer authentication experience (who really enjoys contacting the IT help desk to reset their email password because they forget it while on holiday). And this matters because better user experiences generate better business outcomes.
So how can companies give employees an authentication experience that helps the business? One way is by adopting passwordless authentication. Eliminating passwords also eliminates the hassles associated with using them, providing a better user experience. There’s nothing to remember or type in or change to comply with password management policies. (And don’t forget about the security benefits of going passwordless. Eliminating them means attackers can’t use phishing scams to con credentials from employees or use passwords stolen in data breaches in other attacks.)
Here are a few examples of how passwordless authentication can help employees and businesses:
Less time resetting passwords, more time working: Password resets cost companies money. Instead of completing important assignments, workers are staring at their screen and waiting for someone in IT to reset their password.
Not fussing with password resets is especially important for field employees who need to visit customers (no one likes waiting for the cable guy or the washing machine repair person) or complete business-critical tasks during their shifts (like repairing a downed power line). And the IT professionals who reset the passwords could be working on tasks that are business critical.
Satisfied employees: Offering employees an easier way to authenticate without passwords leads to an overall better employee experience. And satisfied employees are more productive, more engaged, embrace digital transformation more, among other benefits. The benefits of passwordless authentication are especially acute in industries that require employees to remember many passwords to complete their jobs, like health care professionals.
And with two tech-savvy generations in the workplace (millennials, who watched technology evolve from personal computers to smartphones in their lifetimes, and now compromise 50 percent of the global workforce, and Gen Zers, who were born between 1995 and 2000, don’t know a world before iPhones and make up 24 percent of the global workforce), they expect to use technology to make their lives easier, including at the office. Incorporating passwordless authentication in digital transformation projects aimed at workers could help attract and retain this talent.
Stand out among the competition: Passwordless authentication can help businesses differentiate themselves from competitors. Consider challenger banks. While larger, established financial institutions make customers use passwords to access accounts and mobile apps, challenger banks can use innovative technologies like passwordless authentication to stand out. Offering a better user experience can help organizations retain customers in addition to attracting them.
Curious about going passwordless? Here’s what to consider
As enterprises look into passwordless authentication to improve the user experience, here’s what they should keep in mind:
— Find a passwordless authentication platform that offers a unified, seamless authentication experience. Organizations should look for a platform that unifies passwordless authentication across devices, applications and OSes. For example, employees should be able to use their smartphone’s biometric sensor to unlock their work laptop and email application, even if the devices and software come from different companies.
— Look for passwordless authentication solutions that are mobile first. Smartphones play indispensable roles in people’s lives and that’s why we always have them on us. Given how ingrained smartphones have become in people’s personal lives, they expect these devices to play an equally large part in their professional lives, particularly around offering a better authentication experience at work.
— Consider how the biometric template is stored. Using a distributed data model minimizes the risk of a template being exposed in a data breach. In this model, an encrypted template is broken into pieces and stored on a person’s smartphone and a company’s server. Attackers would need to access both the smartphone and the server to complete the biometric template.