When it comes to managing an organization, security is a core challenge for IT teams. One of the top frustrations for IT teams is the time spent on password management. Problems with passwords continue to grow with the rise of hybrid work culture (courtesy of COVID-19). The amount of time that IT teams spend managing users' passwords and login information has increased in recent years as the world goes digital. Password management is a challenge not only for IT teams but also for employees, as changing passwords regularly and remembering multiple complex passwords adds to their woes.
The Solution: Passwordless Authentication
Passwords have always been a prime target for malicious actors. From password stuffing to brute force attacks, threat actors continue to capitalize on situations such as COVID-19 to launch cyberattacks. Users are becoming increasingly overwhelmed by the plethora of passwords they use in both their personal and professional lives. This is where passwordless authentication comes in.
Technology and security analysts predict that organizations will shift to passwordless authentication for users to enable modern digital transformation, as passwords cause poor user experiences and lead to cyberattacks.
What is Passwordless Authentication?
Passwordless authentication is sometimes confused with two-factor authentication (2FA), because the second factor of 2FA is typically passwordless. However, passwordless access is different. According to Wikipedia, “passwordless authentication is an authentication method in which a user can log in to a computer system without entering a password or any other knowledge-based secret.”
It is an authentication method that allows users to gain access to an application or IT system without entering a password or answering security questions. Instead, the user provides some other form of evidence such as a fingerprint, facial recognition, proximity badge, or hardware token code.
How can organizations go passwordless?
As the name suggests, passwordless authentication doesn’t require users to input passwords to complete the verification process. Instead, they need to provide another form of evidence that authenticates their identity, such as:
- SMS or app-generated codes
- One-time link sent by e-mail
- One-time password sent by SMS or push notification
- HMAC (hash-based message authentication code) and time-based one-time passwords
- Persistent cookie
- Third-party identity provider (via Facebook, Google or LinkedIn)
- PKI-based (public key infrastructure) personal authentication certificates
Benefits of Passwordless Authentication
Passwordless authentication eliminates reliance on passwords and thus delivers a host of business benefits:
- Provides employees with a user-friendly and secure login experience
- Reduces IT costs in the long run by minimizing administration overheads
- Increases productivity as employees save time on password management
- Strengthens an organization’s cybersecurity posture
- Improves control and visibility for the IT team
The Challenges in Going Passwordless
Alongside the benefits, the passwordless world has its own set of challenges:
- Increases cost in the short run: Passwordless authentication offers cost savings over the long run; however, there are certain costs that organizations need to incur at first to reap those rewards.
- Harder to troubleshoot: Resetting a forgotten password is a pain, but it is relatively straightforward compared to troubleshooting when a user loses the hardware token they rely on for passwordless authentication.
Wrapping Up: The future is passwordless
According to Gartner, by 2022, 60% of large enterprises and 90% of midsize enterprises will implement passwordless methods in up to 50% of use cases. As we’ve discussed, there are some potential pitfalls, but they can be overcome and the benefits are significant. The objective of passwordless authentication is to provide technologies and support use cases that reduce (if not eliminate) the use of passwords. It’s a logical move for organizations, as the use of passwords presents well-known security risks. Organizations must pivot quickly to respond to the shift to hybrid work culture and support distributed workforces capable of working securely from anywhere. Passwordless authentication is an effective solution that ensures a more secure working environment, and the icing on the cake is that it provides convenience to employees!
(The author is Neelesh Kripalani, Sr. VP & Head – Center of Excellence, Clover Infotech, and the views expressed in this article are his own.)