Go passwordless for simple and strong authentication
Our digital footprint is spreading by the minute. We are dealing with scores of apps, accounts and devices almost everyday. Be it social media, bank and work accounts or smartphone and IoT devices, we can’t access any of them without authentication. The primary mode of authentication today is the use of passwords.
But imagine having to log in to multiple media using multiple passwords. Each unique, long-winded, cryptic and quite difficult to remember. The way out for many: use the same password for different accounts, keep yourself signed in to devices and platforms, write passwords out in a personal notepad to remember them, keep clicking on the ‘forgot password’ link, and the like. Moreover, password managers are costly, and the user experience is hampered in case of account lockouts.
So is password authentication simple? No. Secure? Absolutely not.
The writing is on the wall
Passwords are dying a natural death. The promise of secure authentication that passwords brought in is fading away fast. In the last three years, data breaches involving stolen or weak passwords has climbed from 50% to 66% to a whopping 81%.
Enterprises that handle a lot of sensitive consumer data — like banks, insurance companies, healthcare institutions, etc. — are sitting ducks. According to a recent study, 70% of consumers said they would stop doing business with a company if it experiences a data breach. If you haven’t been a victim yet, you should be more scared — and take guard.
The solution is a radical one, if not revolutionary: Go passwordless for simple, secure and strong authentication.
The boon of biometrics
A start has already been made in this direction. Authentication using secure OTPs, push approvals, and QR codes is one way. But hogging the limelight is the use of biometrics. Biometrics channelize the power of ‘what you have’ (device) and ‘what you are’ (fingerprints, retina, face, etc.) — eliminating the need of ‘what you know’ (passwords) — to guarantee a simpler, seamless, and secure authentication experience. Imagine logging in to your personal cloud account using your fingerprint scan or unlocking your phone with your face scan. No need to remember complicated passwords or bank on password managers anymore. Also, since biometrics are difficult to replicate, expect stronger and secure authentication.
Keeping biometrics as the fundamental method to ensure secure authentication, a handful of solution providers are trying out novel techniques. Take the FIDO-certified ThumbSignIn, for instance. It offers seriously strong security with multi-factor secure authentication that lets you use a combination of biometrics (like retina scan and fingerprint scan) or biometrics and OTPs or even biometrics and passwords. Others provide universal second factor security — an open authentication standard developed by Google and managed by FIDO alliance — that lets you log in using password and a quick click of a USB device plugged in to your laptop. The future is gearing up for even stronger security using biometrics: maybe a fingerprint scan for checking bank account balance and a combination of facial and retinal scan for making transactions from the same account. The possibilities are endless with passwordless.
A steady conversion
For enterprises, going passwordless is a jackpot. In addition to avoiding data breach costs, they can easily integrate and maintain secure authentication platforms at a low cost. Most of these secure authentication platforms are FIDO-compliant, which means they are trusted and interoperable with more than 350 other FIDO-approved products in the market. No wonder most enterprises are quite bullish about going passwordless. Four out of 5 IT decision-makers in the UK and 69% of the same in the US say they are going passwordless by 2022.
There’s no doubt that challenges will persist. Companies with rigid processes or legacy systems will find it difficult to onboard a passwordless experience for their employees. Others will be sceptical about its secure authentication promise. But as technology evolves and user adoption increases, the solutions will be further refined. A steady conversion — along with increasing awareness and benefits of going passwordless — will soon render passwords as passe. Thumbs up to that!