Business Reporter

The merits of passwordless authentication

Simon McNally at Thales explores the benefits of moving away from passwords as a method of authentication

 

Passwords are highly problematic from a cyber-security perspective. Easy-to-hack passwords top the popularity list every year – qwerty, password, and 123456 are just a few examples. 

 

As such, password advice has since evolved to encourage more complexity, and involves creating passwords or passphrases that would be harder for a cyber-criminal to crack. As we all know, this advice often includes two unrelated words, a minimum length of eight characters, and a mixture of numbers, letters and special characters. 

 

The problem with this solution, though, is that it is still far from secure and puts the onus on the user. With the advice encouraging us to have long, complex passwords for personal and professional use (and to use a different password for each account), there is a risk that people will either use the same password for all of their online accounts, or revert to easy, simple-to-remember terms.

 

The impact this is having on businesses cannot be overstated. According to our Thales Data Threat Report, the human factor remains the number one cause of data breaches. It’s therefore imperative that organisations move away from a purely password-based means of authentication.

 

Moving towards Multi-Factor Authentication  

More security-conscious organisations would have already moved beyond the traditional password and will have adopted Multi-Factor Authentication (MFA). In a nutshell, MFA requires users to verify their identity through more than one means – be that through smart-cards, one-time codes or phone verification. This creates an extra layer of security, reduces the risk of unauthorised access, and mitigates against the risk of stolen credentials. 

 

The benefits of MFA are clear and well established. However, the issue of putting too much onus on the end-user remains. Many users find it cumbersome and choose to bypass it and find work-arounds. But as shifts to remote work and the cloud increase, having MFA has never been more critical. So, how can we truly move away from the risks associated with legacy passwords altogether?

 

The solution: Passwordless authentication

Passwordless authentication offers an alternative means to verify a user’s identity, without using a traditional password. Instead, passwordless authentication uses more secure alternatives like possession factors, biometrics, or digital credentials like passkeys.

 

Such authentication methods are already used by many on a day-to-day basis, such as when people use their Face ID to unlock their mobile phones. And at a business level, they are already being deployed across some industries like banks, travel, e-commerce, government services and critical infrastructure, for example.

 

With further organisations set to adopt passwordless authentication more widely in the coming years, what are some of the benefits it promises, and why should CISOs, and wider IT teams start to think about transitioning away from traditional passwords?

 

Security gains

Security is the most important benefit of passwordless authentication: password-related attacks, like phishing, are mitigated because there are no passwords available to be compromised in the first place. Credentials also cannot be shared, stolen, or easily guessed, unlike passwords, enabling more stringent access controls to be enforced.

 

In addition, accounts can more easily be recovered, should a password be forgotten or an account become locked. Passwordless processes ensure only legitimate account holders can gain entry. Passwordless authentication can therefore be used both as a preventative measure at entry and as a way of making it more secure to regain access when accounts are lost.

 

Efficiency for all

Efficiency gains for the consumer are also noteworthy and will help drive greater adoption in years to come. The time it takes to reset a forgotten password compared to using a digital identity or passwordless process to authenticate yourself is incomparable – the latter will streamline processes for both businesses and consumers.

 

An improved user experience is also important as it generates more usage over time, benefiting businesses but also saving the consumer time, creating a more positive relationship with whatever technology they might be using.

 

Seamlessly fitting into existing architecture

Passwordless authentication can be incorporated into existing MFA authentication methods and integrated with existing systems.

 

However, vendors will have to be consulted to ensure that all applications and APIs are sufficiently set up. This means that user bases will need to be sufficiently onboarded and trained to help with the transition from traditional passwords. Although this may take time at first, in the long run businesses will be more protected and ultimately will have far quicker user interfaces than before. 

 

Increased adoption

Even though passwords are far less prevalent than ever before, they are still being used worldwide. The primary reason is that a password-based login system is the easiest and the cheapest to implement, and one that consumers are familiar and comfortable with.

 

However, we expect greater levels of passwordless authentication in years to come as companies start to realise that passwords are a key source of data breaches. The cost of implementing passwordless authentication is nothing compared to the fines and potential losses incurred due to a data breach.

 

Passwordless authentication is already prevalent and is the best way to enhance security for both businesses and consumers. It diminishes the risks of cyber-attacks whilst also creating a more seamless and efficient user experience – a win-win.

 

The duality of the benefits will ensure its continuous adoption over time, and will ultimately create a safer technological environment. And in terms of the ROI for businesses considering whether to implement it into their own systems, it’s a no-brainer when you weigh up the potential risks and associated costs of a data breach from a compromised password.

 


 

Simon McNally is pre-sales Manager for UKI at Thales

 



© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543