by Passwords are problematic. They are arguably the weakest link in security, a leading cause of security breaches, and difficult to manage. But on Change Your Password Day 2023, passwords will remain ubiquitous.
Instead of constantly changing passwords to stay ahead of online threats, the best solution is to not use passwords at all. The introduction of passwordless authentication can solve the inherent problems of passwords to provide stronger security and better user experience.
Think about the all-too-common practice of reusing passwords. We still live in a world where the importance of unique passwords for every account cannot be overstated. Why? If one account is compromised, attackers can easily gain access to other accounts associated with the same username or email address.
Jump to:
Bad password policies lead to bad password practices
However, the reality of bad password practices like this is that the average person has about 191 different logins, passwords, or other credentials to manage—which means it takes too much effort to remember coupled with a “This won’t happen to me” mentality . Due to human nature, many people will reuse existing passwords or engage in bad practices such as B. writing down passwords on sticky notes.
SEE: 8 Best Password Managers for Business of 2022 (TechRepublic)
People have also been trained to use passwords that meet the basic requirements for complexity, yet are “easy” to remember. These minimal complexities are often well-intentioned, but produce passwords that are difficult to remember.
Hackers can also guess or crack them using special password attack tools. In fact, NordPass released a 2021 Research Top 200 Passwords report, citing millions of people using the same easy-to-remember password.
To counteract this trend, some companies are forcing their users to change their passwords more frequently. But that only makes the problem worse. It increases the chances of users writing down their passwords, using the same password for multiple websites, forgetting their passwords altogether, or in a really bad experience, tricking the user into calling a helpdesk. It can also undermine productivity by forcing both users and administrators to spend more time and effort on password management.
Password sharing is another ruthless practice. It’s common for consumers to share passwords – think of the various streaming services – with their family and friends to save on costs. Although this may seem harmless, sharing passwords makes it impossible for IT teams to know who is really accessing the application and to take protective measures against unverified people.
The same threats apply if you use the same username. Usernames are often common or shared publicly, meaning they have little security value. For example, a person’s social media name could be the same username they use across different platforms and services. These redundancies make it easier to map and leverage your digital footprint than if each account were unique.
A passwordless future
This is where passwordless technology and streamlined experiences come into play. Passwordless authentication generally relies on an ownership factor (something you have, like a mobile device) or an inheritance factor (something you are, like facial or fingerprint biometrics) to verify user identity with greater security and convenience.
For consumers, passwordless improves engagement, simplifies sign-in, and makes the overall experience seamless and secure. This leads to higher sales as great digital experiences lead to long-term loyalty.
Consider that 46% of consumers prefer websites that offer alternatives to passwords, and 53% feel more comfortable using multi-factor authentication to log into websites or services. Customers are already familiar with passwordless biometric logins on their smartphones. By offering passwordless authentication, businesses can not only improve the customer experience, but also reduce abandonment rates and improve their bottom line.
Less time typing and resetting passwords means more productivity for employees and a significantly reduced burden on help desks, which reduces costs. The security benefits are also obvious: 82% of breaches involve brute force attacks or the use of lost or stolen credentials. Removing dependency on passwords provides a clear solution for better security and user experience.
SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)
Passwordless technology is readily available today, but adoption is still low. That’s because passwordless is not a single solution, but one that requires the integration of multiple products and technologies while providing users with options. Plus, it’s not just an IT or security decision, it’s a major business initiative that requires buy-in from diverse executives across the organization.
The path to the passwordless system is not short, but there is a clear roadmap to achieve this goal. Businesses should start with the basics: centralized authentication based on username and password, and intelligent MFA to provide a single sign-on experience.
Progress continues, phasing out passwords using risk services and biometrics that support continuous, adaptive authentication. The home stretch of password elimination entails the use of FIDO-certified products and trusted devices, as well as identity verification.
Paving the way to passwordless adoption
A passwordless future leads to stronger security, better user experiences and higher productivity. As progress is made, it will be some time before passwordlessness achieves mass adoption. Until then, it’s important to practice good password hygiene: change passwords regularly, use a unique password for each account, use a password manager to stay organized, and opt for MFA.
Aubrey Turner, Executive Advisor at Ping Identity, has an extensive background in successfully delivering strategic enterprise cybersecurity solutions to Fortune 1000 companies that address business problems, empower organizations, reduce risk and deliver positive business outcomes. Aubrey has demonstrated relationship building and consensus building with key stakeholders. In addition, he has proven leadership, communication, management, collaboration and sales skills.
