Everyone knows the frustration of passwords. Creating passwords, resetting them and administering them is a time-consuming process, and 59% of people use the same password everywhere. Passwords change too frequently, and some folks resort to writing them down on Post-It notes. Maybe they don’t change enough, and the same password has been in use for months, maybe years. Over time, they’ve become so dangerous that two-factor authentication, a password plus almost anything else, is basically an industry standard in 2019.
Passwords also create the largest attack surface for any organization. In 2017, 81% of all hacking incidents were due to weak or stolen passwords. With statistics like that, it seems that passwords alone aren’t enough to protect any data worth protecting. With these endless loops of password related breaches and attacks, attention has finally been brought to the possibility of going ‘passwordless’.
Stated simply, passwordless authentication requires any other verification of legitimate access to data, except for a password. Things like a registered smart phone, fingerprints or voice, questions unique to a user, quite literally anything but a password qualifies.
The main benefit of password-free authentication is of course security. Without a password, there’s nothing to scam, or phish or steal. An interesting side effect of going passwordless is that not only is security improved, but the user experience is improved as well. No need to memorize specific text strings that you are likely to reuse across multiple platforms, no more calls to tech support to have a local password reset, & no more waiting for ‘forgotten password’ emails to wait for.
Reducing ‘friction’, or the time taken to complete a set task, is also an important benefit. Roughly 33% of all online shopping transactions are abandoned because a user simply forgot their password to a retailer’s website. The process of creating a new account, with user name and password, which is likely re-used from another application, is also a type of friction. Once friction is reduced, the process can move forward as efficiently as possible. In the case of password-free verification, not only is it easier, but it is also more secure.
Naturally, there will be hesitance to adopt complete passwordless authentication. It requires a solid IT foundation for any organization, and it does require end-user buy-in and confidence. Password-less authentication would allow for more users to adopt a service or application as they would be able to access a system with more security and minimal friction. In turn, this leads to an increase in end-user adoption or, in the retail example mentioned before, new customer acquisition. Remembering complex passwords that change every so often is a challenge.
As IT progresses, people are getting more and more frustrated with passwords. This approach could prove itself to be efficient and more secure for almost any organization. Implementing a password-less authentication framework spares time and eliminates the disappointment of recollecting yet another password, while increasing security and user confidence.