Increased Popularity of Passwordless Authentication During and After the Pandemic

The recent World Password Day on May 7, 2020, reminded users and organizations of the critical need for complex passwords at an age when massive amounts of confidential information live on the Internet. Individuals and businesses are increasingly using new digital platforms for online banking, bill payments, shopping, social media, and so on, where they share personal and financial information. This trend requires the use of solid and diversified passwords.

Issues with Passwords

The Password system is predominantly a user-driven initiative, and its success highly depends on the user’s best practices. A survey to gain insights into password habits reveals that 61 percent of people reuse passwords across multiple websites. 44 percent of consumers change their passwords once a year or less. Additionally, an average business user manages more than 191 pairs of usernames and passwords, making it difficult for individuals to remember unique and complex passwords for each online account. An employee spends more than 10 hours annually entering or resetting passwords.

Passwords and credential theft are a top vulnerability that organizations should address to reduce cyber risks. At the same time, multifactor authentication methods proposed as means to enhance password security also face similar weaknesses considering that they are layers built on top of systems based on inherently vulnerable password systems. Stolen or weak credentials will cause 80 percent of breaches in 2020, according to a 2019 investigations report.

COVID-19 Pandemic Impact on IT Environments

Apart from the severe implications on victims’ health, the current coronavirus pandemic is significantly affecting businesses and the economy. In effect, organizations have encouraged their employees to work from home to manage the spread of COVID-19. Many employees, captivatingly, are hoping to continue working from home even after the world contains the pandemic.

As the pandemic evolves, organizations face an increased dependency on digital infrastructures, remote work strategy, and the Internet, which create a large surface for criminal activities. At the same time, the coronavirus has a significant impact on cybersecurity as threat actors actively exploit the crisis. Currently, there is a sharp spike in phishing attacks targeting remote user credentials. The situation has forced many businesses to rethink the way they manage their IT environment access to ensure enhanced security while keeping afloat. The present time offers a fitting occasion for organizations to shift from password to passwordless technologies for user identification.

A Shift towards Passwordless Authentication Solutions

Adopting passwordless authentication gives users an enhanced experience, improves security, and controls the number of people accessing the corporate network. This modern access management method involves implementing identity management systems that use other authentication methods, such as:

• Biometrics
• Behaviour analytics
• USB keys
• Near-field Communication
• Device metadata and attributes
• Security keys
• Zero-knowledge proofs
• QR codes

Passwordless strategies also support multifactor authentication using a passwordless component with an authenticator app or a personal identification number (PIN).

Some of the benefits of shifting to passwordless solutions include:

1.     Improved User Experience

With passwordless systems, users conveniently authenticate via biometric identification, such as fingerprint and facial recognition. The option allows the use of devices with an established and secure connection with business applications. More than 85 percent of customers would consider paying a premium for the improved experience offered by passwordless solutions.

2.     Enhanced Security 

Passwordless authentication reduces compromised credential risks by making it difficult for hackers to launch malicious actions, such as phishing, credential stuffing, man-in-the-middle, session hijacking, and brute force attacks.

3.     Better Access Control

Passwordless authentication offers a robust approach for user verification across disparate systems that employees access while working from home. Companies can restrict unauthorized access to systems using public-key cryptography (PKI) that eliminates the use of risky passwords.

4.     Digital Transformation Enabler

Passwordless strategies act as a critical digital enabler that reduces user friction and makes mobility seamless. Besides, the access management mechanism improves regulatory compliance and enhances operational efficiency. 

5.     Cost Saving

Initially, companies established virtual private networks (VPNs) for only a small percentage of remote workers. However, the spread of COVID-19 has resulted in hundreds of workers moving to remote work nearly overnight. The drift requires organizations to spend more on VPNs.

Promisingly, passwordless authentication solutions allow secure and controlled access to cloud-based environments without the use of high-priced VPNs. For instance, users can access the extensively used Office 365 or Salesforce using passwordless authentication, leaving pricey VPNs for people who absolutely need to access the corporate network.

Besides, passwordless authentication provides a way of minimizing operational costs for password systems. Organizations running legacy authentication methods need to pay for direct and recurring expenses, such as the time technical support staff devotes to resetting user passwords. Gartner Group reveals that 20 to 50 percent of all help desk calls are for password reset requests. Forester Research, on the same vein, notes that the average labour cost for a single password reset is about $70. In effect, letting users access apps without passwords can save on support desk costs.

Passwordless Authentication Solutions: Application Areas

Modern passwordless authentication systems could effectively replace the static credentials used in remote access for employees working from home during and after the pandemic. Secondly, IT teams can utilize the new access management mechanism in remote desktops and virtual desktop infrastructure (VDI). Organizations can also implement passwordless authentication for user identity and access management for critical and cloud-based applications.

By 2022, more than 50 percent of large enterprises and 90 percent of medium-sized enterprises will implement authentication mechanisms. Accordingly, such organizations should leverage passwordless strategies to enjoy the benefits offered by the modern access management method.

Implementing Passwordless Authentication Solutions with ISA

Ultimately, the COVID-19 pandemic acts as a trigger that compels organizations to focus on digital technologies, including adopting authentication that does not rely on legacy passwords. As more people move from office to working from home, passwordless systems offer secure and convenient ways to authenticate employees at scale.

ISA assists organizations to deploy passwordless authentication mechanisms across all divisions and systems. ISA experts ensure that your company eliminates vulnerable passwords and credential-based mechanisms and integrates a modern access management system based on biometrics, behavior analytics, and device attributes.