Why Your IT Department Needs to Part Ways With Passwords
The password is an old technology. While it was reasonably good during Prohibition and still serves the needs of exclusive speakeasies in New York and San Francisco, it isn’t as effective at protecting enterprise data.
“There is a growing urgency for enterprises to part ways with passwords,” says Ori Eisen, founder and CEO of authentication technology firm, Trusona. “The last decade has seen the industry delivering solutions that attempt to make static credentials more secure, from two-factor authentication to SMS to hardware tokens. Unfortunately, the reality is that those patchwork measures still haven’t protected them from the costly and ever-increasing data breaches from static credentials we see on the news.”
Enter passwordless authentication, the next step in authentication technology. Instead of having employees create weak passwords that they often reuse, passwordless authentication does away with passwords entirely and instead relies on biometric or other data for identity verification.
This is a technology that most people already know from their smartphone, since almost all iPhone and Android users already log in with a fingerprint or facial scan instead of the lowly password. It also is a technology that business is adopting fast; roughly 60 percent of large enterprises and 90 percent of midsized enterprises will implement passwordless technology by 2022, according to analysis from research firm, Gartner.
So skip password management and think about adopting a passwordless strategy instead. Here’s why.
1. Costs are Lower
Password management is a cost center. There’s the cost of lost productivity from employees who have to stop work to log into systems each day, the cost of employee time lost when locked out of a system, and the cost of IT support when resolving password issues.
This says nothing of the cost of a data breach; roughly 32 percent of data breaches involve phished passwords, according to Verizon’s 2019 Data Breach Investigations Report, and 78 percent of all cyber-espionage relies on it.
“Pay now to pay less later,” advises Greg Young, vice president of cybersecurity at security firm, Trend Micro. “Not only does the effort of less reliance on passwords pay off with avoiding a big breach, but it also can lower costs on helpdesk interactions when online password resets fail.”
2. Employee Logins are Easier
There are two primary benefits from making logins easier for employees by forgoing the password. First, there’s the increase in employee productivity. Then there’s the question of morale.
“In today’s digital world, employees and consumers alike expect an intuitive user experience,” says Eisen. “Passwords bring with them a lot of needless, routine friction.”
Getting rid of passwords also boosts productivity. Achieving a better, more seamless login experience across the enterprise fosters productivity by reducing the pattern interrupts that come from logging into systems several times per day. That’s why Apple essentially eliminated passwords in favor of biometric and facial scans, and the benefit of this reduced friction is at least as great for companies that are paying people to work with their time.
3. Security is Stronger
Passwords are rarely secure. Let’s be honest here. Everyone gets fooled into clicking a malicious link eventually.
“In every FBI, Verizon DBIR or other cybercrime report, we almost always see the damage starts with compromised credentials,” says Eisen. “We’re also seeing abuse of mobile phone numbers becoming more common. SMS-based two-factor identification is better than nothing, but at a time when people can learn or steal your mobile number in a SIM swap or similar attack, mobile numbers risk being like passwords—just another house of cards in security.”
The beauty of passwordless authentication is that credentials can’t get compromised. There’s nothing to steal, misplace or leave unsecured. Employees can’t create weak passwords or reuse them, either.
“Passwordless authentication puts security in your hands, rather than expecting users to secure it for you by hoping against all reality they don’t reuse passwords,” stresses Young.
4. Customers Feel More Secure (and Often Buy More, Too)
From a customer-facing perspective, passwords also reduce trust. Customers are awash in login schemes, so many now can tell when IT systems are dangerously exposed and reliant on insecure methods like a single password.
“If you have a weak level of online trust, your customers, partners and employees experience first-person proof that you don’t value their privacy and can’t be trusted,” notes Young.
Password schemes often hurt sales, too.
“We give up on commerce with sites that tire us out with password reset hassles,” says Young. “I’ve left a lot of items in online shopping carts when I give up on their password schemes.”
5. Makes the World a Better Place
In this age of corporate responsibility, moving to a passwordless authentication system also helps the world at large by reducing the stockpile of reused passwords that are available on the internet.
This isn’t a social good that gets much play, but it is a real contribution all the same. Eliminating passwords reduces the chance that other services will get hacked, and it helps rob cyber criminals of a key source of funding.
“The caches of compromised passwords across the internet are a chronic, combustible fuel that eventually serves to fund the evil acts that impact far too many,” says Eisen.
So forget the password. Your IT department doesn’t need password management. It needs a new system that forgoes passwords entirely.