The top six reasons to use passwordless authenticationFred O'Connor | October 24, 2019
Everyone seems to want to stop using passwords. Security and IT professionals loathe them because they’re frequently used by attackers to infiltrate organizations. Anyone who handles user experience dislikes passwords because they’re not very user friendly. Despite this grumbling, passwords have been the main way we authenticate since the 1960s, chiefly because no one has come up with a better alternative.
But that’s changing. Smartphones equipped with biometric sensors have made passwordless authentication possible. Instead of using what you know to authenticate, people are using what they are. The result is faster and easier authentication for employees and consumers and increased security for organizations. Here are the top six reasons for using passwordless authentication.
Better security by eliminating phishing attacks and the use of stolen credentials
Threat actors continue to use passwords to infiltrate organizations. Of the 41,686 security incidents covered in the Verizon Data Investigations Breach, 61 percent were attributed to passwords. Phishing was the cause of 32 percent of the incidents and stolen credentials, which are still a prominent infiltration vector, were used in 29 percent of the attacks.
Going passwordless eliminates the security issues associated with passwords. Phishing isn’t a threat if there aren’t passwords to con out of employees. And when passwords are removed from authentication, they can’t be stolen and used by threat actors in other attacks.
Passwords are a pain to use. They have to be created. They have to be remembered. And, despite people’s best efforts, they’re easy to forget. That leads to the hassle of a password reset. That process can entail calling or emailing the help desk and waiting for someone to either take your call or reply to your email.
Passwordless authentication does away with all of this. There’s nothing to create, remember or type in. Instead, you touch your smartphone’s fingerprint sensor or use the device’s facial recognition capabilities to authenticate.
Increased worker productivity
Eliminating password resets means increased employee productivity. When can’t access an application or services because you forget your password, you can’t do your job. Instead of running a report or working on a presentation, you’re staring and glaring at your monitor while waiting for the IT department to reset your password. A seemingly minor task like resetting a password can take much longer than anticipated and consume a chunk of the work day.
Want to learn more about going passwordless? This white paper on the differences between passwordfree authentication and passwordless authentication is a good place to start.
By password resets don’t impact the productivity of just Linda in HR and Joe in accounting. IT personnel are also affected. Instead of resetting passwords, they could be working on more important projects that help the company meet its business goals. Going passwordless lets employees from all departments reclaim their time from password resets.
Reduced password management costs
Resetting passwords costs companies an average of $70 per employee, per reset, according to Okta. Veridium estimates that password resets annually cost organizations $1.9 million based on an enterprise with 10,000 employees.
Removing passwords from authentication reduces these costs. If passwords aren’t used, companies don’t have to spend money resetting them.
Give people the authentication experience they expect
Consumer technology has changed how people authenticate. Passwords are out, smartphones and biometrics are in. Instead of remembering and typing in a long password, people want to touch their phone’s fingerprint sensor or use the device’s facial recognition technology.
The authentication experience they want is fast, easy and seamless. In other words, the opposite of what passwords usually deliver. And they’re looking to use it in situations beyond consumer use cases, such as approving online purchases, accessing work applications and opening bank accounts. Passwordless gives people the authentication experience they want.
Authentication is going passwordless
Microsoft is replacing passwords with biometrics for employee access and expects other companies to follow suit within six years. Meanwhile, Gartner said that by 2022 “60 percent of
large and global enterprises, and 90 percent of midsize enterprises, will implement passwordless methods in more than 50 percent of use cases — up from 5% in 2018.”
Given Microsoft’s backing and Gartner’s observations, passwordless authentication isn’t a passing trend. It’s on track to become the main way people authenticate in a few years. Organizations that go passwordless now stand to benefit from improved security, lower operational costs and a better user experience.