A future without passwords. It’s just around the corner. This may feel impossible today, particularly if you have a collection of passwords for every online website, app, or activity you participate in. Usernames and passwords alike are rapidly becoming a relic of the past. Outdated and often overcomplicated, they no longer offer a reasonable level of security.
Outdated usernames and passwords serve to increase the potential attack surface for all organizations, which has led to the adoption of additional security methods. Whether two-factor authentication (2FA), hardware tokens, or one-time passcodes (OTP), these added levels of security can prove cumbersome for users. They can also often be circumvented, leaving an organization even more vulnerable to an attack or a breach.
A passwordless future is not only possible, it’s here today. With next gen authentication that leverages the pervasiveness of smartphones, their security hardware, and the built-in biometric sensors many devices already have. With the removal of usernames and passwords, enhanced security is possible, while also ensuring that authentication is fast, simple, and frictionless for the end user.
There are several compelling reasons to embrace a future without passwords.
Eliminating phishing and malware attacks
If there are fewer or no passwords, there’s really no reason for phishing and malware attempts. This is one less headache for IT departments and users to worry about. No more worrying about accidently clicking on a link, accidentally giving aware credentials.
Phishing remains one of the most common cybersecurity concerns. A passwordless future is also a phishing free future. It also means that cybercriminals will be much less of a threat to the security of the individual and the organization.
Convenience and simplicity for users
The truth is that humans are notoriously bad at remembering passwords. Many of us handwrite our passwords and leave them on paper around the house or office. We maintain spreadsheets of passwords, or we use a password manager, which itself is protected with a password.
With the integration of passwordless authentication there is almost nothing for the user to create, remember, typo, maintain, or risk. What could be better than increased security and boosted convenience?
Reduced strain on IT help desks
With so many usernames and passwords to try and keep track of, it’s common to see users routinely forgetting or mistyping their login credentials. This problem is thought to be responsible for between 30 and 50% of IT help desk tickets. Account password resets lead to losses for organizations – a loss of time, a loss of productivity, and a financial loss.
Without needing to contend with username and password concerns, IT help desk call volumes will significantly decrease, which has the potential to save an organization both time and money.
Passwords do not prove identity
Passwords on their own do not prove the identity of the person who is logging in. A password is an authentication key that works as a proxy to the identity of the user. A password that has been compromised is an identity that has been compromised.
By using a mobile device as part of the passwordless authentication process, the built-in biometrics can be leveraged to facilitate identity proofing and ensuring that the user is truly who they say they are.
While organizations and users may not yet be ready to fully embrace a passwordless future, the technology is ready and waiting. What is it going to take to see more adoption across industries? A better understanding of the technology, a better understanding of the benefits, and a thorough understanding of the increased security that a passwordless world offers is a good start.
We’ll explore more about a future without passwords in an upcoming blog post, where we’ll delve in deeper.