Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore the possibilities and challenges of a passwordless era.
This past year has been difficult for organizations globally, which have had to deal with multiple cybersecurity issues due to evolving workforce models. Simple authentication methods that require only username and password combinations are inherently vulnerable to cyberattacks. Users today rely on a massive list of applications for their personal and professional functions, which requires them to keep track of an array of passwords that need to be frequently changed. Many users take risky shortcuts and follow lax password management practices, which attackers exploit to mount cyberattacks and steal confidential data. Since the pandemic, IT teams have been spending an increasing amount of time on password-related issues. Password stuffing and brute-force attacks, among other nefarious actions, have made personal and business logins vulnerable, putting critical information at risk.
Passwords are a knowledge-based authentication method that depends on information unique to you that you provide, such as your favorite food or the name of your first-grade teacher. But there are two other types of authentication: possession and inherence. Inherence involves “something you are”, such as a unique biological trait like a fingerprint or facial ID. Possession is “something you have”, such as a token or digital device that can receive a one-time password, or an approval code delivered via push notification in a mobile app.
There are several methods organizations can take advantage of to reduce risk, including single sign-on (SSO), privileged password management, and multi-factor authentication (MFA). These help organizations reduce IT costs by eliminating password-related risks and increase productivity among employees by saving time on password-changing tasks.
Before considering going completely passwordless, organizations should stay current with facts and features, including those presented in these articles:
Cyberattacks rank first among global human-caused risks. The World Economic Forum predicts that, by the end of this year, cybercrime will cost the world $11.4 million each minute. Because the adoption of MFA is progressing faster than initially predicted, the question is not about embracing this password security method, but staying up to date with the latest trends. Authentication methods must be secure and convenient, and go hand-in-hand with mitigating identity risk and maintaining compliance without impeding user productivity.
The first milestone in becoming passwordless could be using a single set of credentials and MFA for all business applications. But it requires considerable reengineering to fix the fundamental problem that not every device has a biometric scanner, whereas every digital device comes with a keyboard.
FIDO (Fast ID Online) is an international standard that seeks to standardize authentication protocols for the wide range of login options currently available and to identify techniques that are problematic from a security standpoint. FIDO also uses encryption technology to ensure that users’ credentials cannot be accessed or stolen. This can potentially have a major impact on security and authentication across industries. The objective is to make passwords obsolete by replacing them with possession and biometric factors.
While going passwordless can provide a more secure authentication method, there are challenges in the deployment of a passwordless model. The initial financial investment required to migrate to passwordless solutions, the regulations around the storage of the data required, and the time required to migrate to new types of methods are considered the biggest challenges for organizations to overcome.
A passwordless strategy doesn’t really substitute for passwords but rather supplements them. More significantly, it acts as a primary security improvement. Passwordless authentication might eventually provide the appropriate levels of access and security, but it is wise to consider utilizing an enterprise-grade privileged password manager now to stay on top of password security issues.
Organizations and employees need to keep in mind that passwords are here to stay, for now, but combining a passwordless login experience with a sound password management strategy and tool is the ideal approach to secure and streamline access to all login points.
As we continue exploring the world of remote work, numerous components are outside an IT group’s control. From users’ gadgets and Wi-Fi connections to applications and websites, remote work has expanded the dangers and the factors that should be considered. Figuring out the ideal approach to execute a consistent, smooth, and secure path for employees to sign in to all their work, regardless of where they are, is imperative.