Another digital era has dawned on us, along with the COVID-19 reality. In a world of remote everything, more services are going online and businesses are having to adapt drastically to address digital needs of customers and workers. Quoting Microsoft CEO Satya Nadella, “We’ve seen two years’ worth of digital transformation in two months.”
Across both our personal and work lives, organizations and individuals are connecting via online accounts that require usernames and passwords – and we take shortcuts to keep this system as hassle-free as possible. According to a Ponemon Institute study, more than half of people reuse an average of five passwords across business and personal accounts – something that hackers can easily take advantage of. Simply by getting hold of one password, they are able to pry open more of our digital lives. A single compromised password, then, can create a chain reaction of liability. On average, one in every 250 corporate accounts is compromised each month with this modus operandi.
No matter how strong or complex a password is, it is useless if a bad actor can get hold of it. Plus, passwords are inconvenient and a drain on productivity – people spend hours each year signing into applications and recovering or resetting forgotten usernames and passwords, which takes a toll on service providers too.
A world of passwordless technology
How can we adopt access solutions that are both convenient for users and secure for administrators? This is where passwordless technology comes in. It involves replacing passwords with biometrics or authentication on a device which you own.
This method of verification not only allows users to rely less on passwords, but also helps companies to save on the 30 to 60 percent of support desk calls dedicated to facilitating password resets.
As of May, Microsoft has seen the number of people signing in with passwordless methods each month reach over 150 million.
Additionally by 2022, Gartner predicts that 60 percent of large and global enterprises and 90 percent of mid-size enterprises will implement passwordless methods in more than 50 percent of use cases. A recent Microsoft survey also revealed that the use of biometric work accounts is set to double this year, as nearly a quarter of companies are already using or planning to deploy biometrics soon.
Ensuring a secure future with passwordless access
Now is the time to make the transition to a password-free world, with the enormous spike in remote working demands. Offering both high security and convenience, this solution surpasses existing password authentication and even combined password and two-factor authentication methods.
Passwordless authentication methods are more hassle-free because the password is removed and replaced with something you have, something you are or something you know. Solutions for organizations and individuals to consider include:
- Direct access to PC via biometric and PIN, which prevents access to the device from anyone other than the owner. This solution enables the user to make use of his/her own unique identifiers for seamless sign-in that can also be built-in with single sign-on (SSO) solutions.
- Using a phone as a multi-authentication tool and turn iOS or Android phones into a strong, passwordless credential. An example of this is the Microsoft Authenticator App, where users can sign in to any platform or browser by getting a notification to the phone, matching a number displayed on the screen to the one on the phone, and then using biometric (touch or face) or PIN to confirm.
- Fast Identity Online (FIDO) and FIDO2 security keys allow users and organizations to leverage this unphishable standards-based passwordless authentication method for sign in to resources without a username or password. It makes use of an external security key or platform key built into a device. This is a great option for enterprises who are very security sensitive or have scenarios or employees who aren’t willing or able to use their phone as a second factor.
For many of us, working from home will be the new norm for the foreseeable future – and as remote technology proves effective for many. With this, there are many opportunities for using passwordless methods to better secure digital accounts that people rely on every day.
As this form of access and verification becomes commonplace for both organizational and personal use, embracing passwordless methods early is the most simple yet highly effective and long-lasting step to enhancing cybersecurity for a safer future.