Authenticating without passwords (passwordless authentication) is already on the market and solutions exist for implementation. By going passwordless companies respond to customer needs for both enhanced security and superior user experience.

Passwords are becoming a thing of the past

Passwords have historically been the standard for securing online accounts, however, they are quickly becoming obsolete. They become archaic for two obvious problems. First, without extra layers of security measures, if someone gets your password they can easily access all your personal data, whether through account takeover (ATO) or other digital-identity risks. More than 60% of breaches are a result of compromised passwords. One solution is to use multi-factor authentication which significantly mitigates risks. As people reuse passwords across devices, the risk of password breaches increases. If cybercriminals breach one account, they can use the personal information and password to enter other accounts of the user. Sites such as HaveIBeenPwned have raised awareness of how often the same accounts are exposed over and over again and often with the same passwords, putting the victims at further risk of their other accounts being compromised.

The second problem with passwords is that they still remain a source of friction and frustration for users. Remembering and managing passwords is tedious and disrupts customer experience, often resulting in costs for the organization via helpdesk and support service costs. Where customers become more demanding regarding security and seamless user experience (UX), going passwordless means meeting both of these customer demands. The main achievement of eliminating passwords therefore improves both UX and security.

Current adoption trends for passwordless authentication

Security experts are predicting that passwordless authentication will become the new norm in three to four years. Gartner predicts that by 2025 over 50% of the workforce and more than 20% of customer authentication transactions will become passwordless, which is a 10% increase compared to today.

With the solutions available today, companies can gain a competitive advantage by preparing their systems for passwordless: tending to their customer experience paired with stronger security guarantees. A security research study by 451 Research and Yubico showed almost three quarters of enterprises planning to spend more on multi-factor authentication (MFA) and two-thirds are deploying or currently piloting passwordless authentication. The main reason for this growing recognition of passwordless authentication is driven by enterprises experiencing increased fraud and data breach activities. Similarly, they found that ‘password stealing’ is often the root cause of most security breaches. At the same time, research done by LastPass identified 92% of businesses believe passwordless authentication is in their organization’s future.

FIDO2 for passwordless authentication

One increasingly popular method for passwordless authentication is Fast IDentity Online (FIDO2), which is the new passwordless standard. The authentication token is predicted to see more than 25% of adoption in the next three years, based on Gartner analyst reviews. Although FIDO2 is projected to become a dominant authentication token, it will most likely first spread in workforce use cases, as obstacles are still foreseen for customer use cases. You can read more about FIDO2, what it is, and its potentiality in the futurae post here.

FIDO2 is mostly loved for the security keys solutions that it offers. However, in companies where hardware tokens are not that common, the Phone-as-a-token (Phaat) authentication method carries huge traction in the market, making it a more popular option for FIDO2 in the short-to-mid term. As such, this article will focus on the alternative options for passwordless authentication where companies are unable or cannot wait for mainstream FIDO2 implementation. However, consider FIDO2 options and how it can benefit authentication in your company by reading the second FIDO2 post from futurae.

In the second part of our series, we will explain the 3 steps to implement passwordless authentication.

This is a guest post from Futurae.

To the original article

Blognews directly in your mailbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

Information for you

-Our whitepapers-

Executive View: KuppingerCole - Airlock Secure Access Hub for applications and APIs

This KuppingerCole Executive View report provides an architectural and functional overview of the Airlock Secure Access Hub, an integrated platform for secure access management - a multicloud-native security tool for web applications, APIs and beyond.

 

Fill out the form now and receive Executive View!

Whitepaper: Security for cloud-native applications

You can read about how companies can ensure the security of web applications and APIs in Kubernetes in the white paper "Security for cloud-native applications", which was created in collaboration between heise and Airlock.

 

Request whitepaper

Whitepaper: Zero Trust is a journey

The ongoing digital transformation of the world is progressing and having a profound impact on our personal and professional lives in ways that were difficult to imagine just a few years ago.


This white paper discusses the effects of continuous digitalization and its impact.

Request free of charge

Off to DevSecOps

In this white paper, you will learn the most important insights into how you can implement DevSecOps successfully and efficiently, which security components are required for this and the advantages of a microgateway architecture.

 

Request free of charge

Airlock 2FA - Strong authentication. Simple.

Double security - this is what two-factor authentication offers in the field of IT security.


Find out more about strong authentication and the possibilities offered by Airlock in our white paper.

Download for free

Further whitepapers

We provide you with free white papers on these and other topics:

 

  • Successful IAM projects
  • compliance
  • Data protection (DSGVO)
  • Introduction of PSD2
  • PCI DSS requirementsPCI DSS requirements
Request free of charge