If I were to tell you that one variable was responsible for more than 80 percent of cyberattacks, what would you guess that variable was? If you guessed “stolen access credentials,” you’d be correct. The traditional username/password combination may soon be a thing of the past as more tech companies transition to alternative authentication measures.
Take, for instance, Microsoft.
But First… What is Passwordless Authentication?
Passwordless authentication is precisely what it sounds like. Instead of requiring a person to authenticate their identity by inputting a predetermined passcode, passwordless authentication looks to other measures to confirm validity. Does the user have access to a verification application? Do they possess a security token? Do their biometrics match the reference data? Have they already been authenticated by another service or application?
If your phone unlocks when it recognizes your face or fingerprint, you’ve used passwordless authentication before, or if you’ve received an access code via text message or email. While not all forms of passwordless authentication are equally secure, they generally resist the weaknesses that the traditional password is prone to:
- Insufficient strength, making brute-force attempts much simpler for cybercriminals
- Without a password, users cannot reuse passwords across different accounts
- Brute force attacks require a password to be present to work, which passwordless authentication negates
The Benefits of Passwordless Authentication
Passwords can be shockingly expensive to maintain. Forrester Research has estimated that each password reset costs the company $70, finding that large organizations spent $1 million in staffing and infrastructure alone to handle them in 2018. However, if there is no password to reset, there will be no cost associated with resetting it.
Improved Convenience in the User Experience
When the average user nowadays is expected to remember literally dozens of passwords, there’s little wonder that so many users resort to just picking one and recycling it over and over. From the user’s perspective, it’s more convenient, which means they can access what they need and get down to business more efficiently.
Of course, this doesn’t encompass the full reality of the situation. Therefore, to ensure that your security is maintained, it makes sense to make the most secure option the most convenient one as well. Passwordless authentication removes all the pressure of remembering all those credentials. As a result, your employees will both be under less stress and in a position to securely work towards your organizational goals.
Finally, and most crucially, passwordless authentication is safer. Think about it: cybercriminals are targeting the human element more and more frequently as they leverage their attacks. Phishing is a common means for a cybercriminal to gain access to your business’ data, and there are plenty of other attacks that target your authentication measures anyways, like credential stuffing and brute force attacks. Each of these attacks relies on a set, concrete password being the key to the castle, so passwordless authentication measures can minimize the threat they pose.
Reasons like these are why Microsoft is putting so much effort into passwordless technologies.
What Microsoft is Doing with Passwordless Authentication
In no uncertain terms, quite a bit.
In addition to 150 million consumer and enterprise accounts using passwordless authentication measures as of May 2020, Microsoft itself has effectively made an internal transition to passwordless. Up to 90 percent of their own 150 thousand employees have opted into passwordless authentications—saving Microsoft 80 percent of the support costs that once went to internal password management. Microsoft has accomplished this by pairing passwordless measures with secure multi-factor authentication.
Their strategy now can be summed up as saying, “Okay, so this user appears to be who they’re supposed to be. Let’s make sure they have something that they’re supposed to have.”
In doing so, Microsoft has also seen an uptick in MFA adoption, reinforcing security without adding any unexpected inconvenience to the user.
So, if passwordless authentication is truly…
- More secure
- More affordable
- More user-friendly
- More manageable
- And more convenient
…it only makes sense that businesses of all sizes will soon see increased availability of these solutions and have a greater motivation to use them. As a result, we can confidently say that we foresee a passwordless future on the horizon.
Regardless of how security is enforced, MyTek is here to assist you in enforcing it. Reach out to us today to learn how we can help make your operations more secure and productive with our IT services and solutions. Call 623-312-2440 now.