From large-scale breaches to mere credential stuffing, passwords have always remained on the hit list of cybercriminals. From two-factor to multi-factor authentication to FIDO, various methods have emerged for protecting user accounts. Nonetheless, it remains impossible to ensure foolproof password security. That's why cybersecurity experts have long been advocating for the use of alternative authentication methods. Recently, the World Economic Forum (WEF) shared a detailed report emphasizing the importance of passwordless authentication.
WEF Report On Passwordless Authentication
Given people's rising dependency on the internet due to the COVID-19 pandemic, the World Economic Forum (WEF) has highlighted the significance of passwordless authentication.
In a recent article, William Dixon, Head of Operations, Centre for Cybersecurity, World Economic Forum, and Ori Eisen, Founder and CEO, Trusona, shared how ditching passwords may help in reducing breaches and enhancing account security.
According to the WEF white paper on Passwordless Authentication published in January 2020, the use of passwords has been around for decades. Nonetheless, in the present-day tech scenario, the conventional use of passwords has become a major cybersecurity risk. With passwordless technologies, businesses may achieve more benefits along with better account security. Some of the key benefits include:
- Enhanced security – since there would be no passwords for hackers to steal.
- Reduced costs – that companies would otherwise spend on enhancing cybersecurity, paying penalties related to data breaches, and improving password management.
- Better user experience – as there would be minimal user friction, which assures satisfied customers.
- Increased usability – because customers would no longer have to go through the hassle of inputting passwords.
Why Do Passwords Still Exist?
Though the advocates of passwordless authentication have been stressing its importance for quite some time now, we still see enterprises using this conventional security measure.
Talking about why passwords have managed to remain popular even today, Robert Griffin, CEO of MIRACL, a London-based security firm, commented:
It is true that with the growth of password attacks, identity fraud, online regulation (including GDPR), the problem has grown much bigger but fundamentally they still exist for 4 reasons:
1. The drop in conversion from consumers being confronted with extra steps is so high. If you ask consumers to get their mobile, receive a one-time passcode or input a biometric, they get bored very quickly. That has disastrous consequences to revenue. Any solution, therefore, needs absolutely minimised friction, regardless of what device you’re on.
2. Passwords can be used by pretty much everyone on any device. To replace them, any solution has got to be similarly universal. It is simply not viable to adopt an authentication technology that leaves 10% of your customer-base stranded.
3. Passwords are cheap. Any solution needs to be affordable, not just for banks but conventional e-commerce sites. In particular, they need to be priced so that websites don’t pay lots for a registered user that is inactive.
4. Passwords don’t require complex implementation. Any alternative has to be simple to integrate and deliver.
Above all, Griffin urged that any alternative to passwords, such as cryptography, must respect data privacy as well.
Modern cryptography has taken away the need for an authentication database. This is a big deal because it means that hackers have nowhere to target, making the task of GDPR compliance and cyber-resiliency a lot easier.
Alternate Measures And Areas To Implement Changes First
For the transition to passwordless technology, the World Economic Forum names some other technologies that are presently available. These include facial biometric technology, security hardware keys, QR code authentication, behavioral analysis-based authentication, and zero-knowledge proof (ZKP) challenges with fewer passwords.
The key areas where enterprises may try going passwordless, especially at a time when work-from-home has become a necessity, include VPN access, remote desktop connections, customer identity and access management, virtual desktop infrastructure (VDI), and critical apps. This will help to reduce cybercrime, streamline operations, enhance productivity, and revolutionize digital trends for the future.