How eliminating passwords improves the authentication experience for employees (and boosts productivity)Fred O'Connor | September 19, 2019
Employees face a less-than-stellar experience logging in to the many applications they use. First, they have to create unique passwords for all the applications, cloud services and tools that they need. There’s a password for Salesforce, Dropbox, WordPress, HubSpot, Citrix, G Suite and the desktop, among the many other applications employees rely on. Then they have to remember those passwords. But employees have far too many passwords to remember and resort to convenient, but insecure password management policies. Some of those include reusing the same password across multiple applications, using a common phrase as a password and writing passwords on a Post-It that’s placed on your laptop or monitor.
Organizations’ password management policies don’t offer much relief. Employees are often required to create long, complex passwords containing special characters and punctuation and change their password at regular intervals. Meant to make passwords more difficult for attackers to use, the effectiveness of these policies is now being questioned. Notably, Microsoft in April said it was no longer recommending periodic password changes as a security practice.
So how can organizations improve the authentication experience for their employees? By eliminating the password.
Passwordless authentication completely removes the password from the authentication process. Employees are never asked to create a password or use one to log in, regardless of the device they’re using. In other words, whether employees are using a mobile app or their laptop’s browser, they’re never prompted for a password. Using password authentication isn’t an option.
How going passwordless benefits employees and organizations
Employees aren’t the only ones who benefit from passwordless authentication. Organizations stand to gain from ditching passwords. Here’s how passwordless authentication can help companies.
More productive workers: Employees are freed from the cycle of trying to remember their password, typing in what they think it is, being rejected, trying again, getting locked out of their account and then calling IT to reset their password. This process is highly unproductive. Eliminating passwords means employees can do their jobs instead of wasting their time waiting to get back into their account.
Passwordless authentication also makes IT professionals more productive. They usually handle password resets, which are likely a low priority for them. Eliminating passwords resets gives them time to work on projects that add value to the business.
Curious about going passwordless? Then check out this guide to learn more about its benefits.
Lower operational costs: Password resets don’t just impact worker productivity. They also impact the bottom line. Okta found that password resets cost $70 per employee. Veridium estimates that enterprise with 10,000 employees spend $1.9 million annually on password resets. Removing passwords would lower the operational costs associated with resetting them.
Increased security: Using passwords to access corporate networks, computers and servers remains a key tactic for threat actors. With credentials commonly exposed in data breaches (Veridium calculated that 390 million passwords were exposed in some of 2018’s largest data breaches), there’s an increased chance that, eventually, a person’s username and password will end up in the public domain. Attackers know that people reuse passwords and that there’s a chance a stolen password could get them into users’ high-value accounts, including ones used for work.
Eliminating passwords eliminates the security risks associated with them. Phishing attacks loose their potency if there aren’t any credentials to con out of employees. And if there aren’t passwords to steal, threat actors can’t use them to infiltrate companies.
Enterprises showing interest in passwordless authentication
Companies realize the security and user experience issues with passwords and are showing interest in passwordless authentication. Microsoft, in particular, has championed passwordless and is doing away with password authentication for its employees this year. And the next major Windows 10 release, which will give people the option of using Windows Hello instead of a password to access Microsoft accounts, could spur greater enterprise adoption of passwordless authentication. Meanwhile, Gartner noted an uptick in passwordless inquiries from companies in 2018. The research firm predicted that by 2022, 60 percent of global companies and 90 percent of midsize companies will implement passwordless methods in more than half of use cases, up from 5 percent in 2018.