A recent World Economic Forum study suggests that nearly 80% of the data breaches reported in recent years are linked to weak or stolen passwords, and that cybercrime costs the global economy close to $3 million every minute. Many of the companies that hold our personal data, Facebook and iCloud among them, have had user accounts compromised.
Passwords, once considered the "silver bullet" of data security, are simply not that secure anymore. There are several ways to crack them, and for attackers exploiting human nature and emotion is far easier than brute force. Phishing emails are still on the rise and more sophisticated than ever, and the context of the COVID-19 situation, with users working from home, has made credential harvesting easy.
Passwords leave us exposed because we have become predictable in how we create them. Countering this with longer, more complex and more frequently rotated passwords hurts productivity and drives up the already steep cost of password maintenance and support, and it still isn't enough against current threats. Mandatory periodic rotation in particular is no longer recommended by NIST (SP 800-63B), because it pushes users towards predictable variations of the same password.
The problem is not only weak passwords; a password is a shared secret, and that alone makes it vulnerable. Even a strong password has to be stored on the service provider's server (ideally only as a salted hash), so a single breach of that provider can expose it, together with every other site on which the same password was reused.
Since GDPR, awareness of online security and user privacy has risen significantly. Businesses have started to take information security seriously, adding strong authentication to their data-protection practices as regulators have begun to act, and companies that fail to comply and protect their customers' data face severe fines. GDPR is EU law, but it applies to any organisation, wherever it is based, that processes the personal data of people in the EU, so many non-EU companies must comply with it and it is now widely treated as the benchmark for data protection.
Passwordless – the way forward.
The challenge for many security teams is to strengthen security without degrading the user experience: users and the business expect an alternative that is both highly secure and convenient. Passwordless multi-factor authentication (MFA) removes the need to memorise passwords. The password is replaced by a cryptographic key that is generated and held on the user's device and unlocked by a factor that never leaves that device, such as a fingerprint, facial recognition or a PIN; the figure usually quoted, from Microsoft's own account-compromise data, is that accounts protected by MFA are more than 99.9% less likely to be compromised. These alternatives are built on the open FIDO2 standards (WebAuthn and CTAP) developed by the Fast IDentity Online (FIDO) Alliance together with the W3C.
Password replacements
As biometric verification on phones and computers becomes widespread, several password replacements have emerged for the modern workplace.
Windows Hello for Business: replaces passwords with strong MFA on Windows 10. A biometric gesture or PIN unlocks a private key protected by the device (by the TPM where one is present), and that key authenticates the user to enterprise applications, content and resources without a password ever being stored or sent.
Authenticator app: a free mobile application that can augment or replace passwords with one-time passcodes (OTP), push notifications, sign-in approvals and so on. Note that an OTP or a push approval can still be relayed or fatigued by a phisher in real time; only credentials bound to the site's origin, as with FIDO2, close that gap.
FIDO2-compliant security keys: cryptographic credentials in a variety of form factors, including USB keys and NFC-enabled smart cards. The private key is generated on the key itself, is bound to the site that registered it, and can be protected by a second factor such as a fingerprint reader built into the key or a PIN entered at sign-in.
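To make concrete what a FIDO2 credential changes compared with a stored password (the server-side secret problem described earlier, and the phishing point), here is a small simulation of a WebAuthn-style registration and sign-in exchange. It is an added example written for this article in Go; it is not code from the FIDO Alliance, Microsoft or any product named above. The relying party ID login.example.com, the lookalike domain login.example.com.evil.test, the user name alice and the simplified authenticator data (just the hash of the relying party ID) are assumptions for illustration; real authenticator data also carries flags and a signature counter.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Authenticator models a FIDO2 security key holding one credential (constructed for this
// example). The private key never leaves it; a real key also demands a touch, PIN or fingerprint.
type Authenticator struct {
	rpID string            // the single origin this credential is bound to
	priv *ecdsa.PrivateKey // generated on the key, never exported
}

// Register creates a credential scoped to rpID and hands back only the public key.
func (a *Authenticator) Register(rpID string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.rpID, a.priv = rpID, priv
	return &priv.PublicKey, nil
}

// Assertion is the authenticator's answer to a sign-in challenge.
type Assertion struct {
	RPIDHash  []byte // sha256(rpID): simplified authenticator data (real data has flags and a counter)
	Challenge []byte
	Sig       []byte // ASN.1 ECDSA signature over sha256(RPIDHash || sha256(Challenge))
}

// signedDigest is what both sides sign or verify, as in WebAuthn: sha256(authData || sha256(clientData)).
func signedDigest(rpIDHash, challenge []byte) []byte {
	clientHash := sha256.Sum256(challenge)
	d := sha256.Sum256(append(append([]byte{}, rpIDHash...), clientHash[:]...))
	return d[:]
}

// Sign answers a challenge for the rpID the browser derived from the page origin.
// A phishing page on another domain yields a different rpID, so nothing is signed.
func (a *Authenticator) Sign(rpID string, challenge []byte) (*Assertion, error) {
	if a.priv == nil || rpID != a.rpID {
		return nil, errors.New("no credential registered for " + rpID)
	}
	rpHash := sha256.Sum256([]byte(rpID))
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, signedDigest(rpHash[:], challenge))
	if err != nil {
		return nil, err
	}
	return &Assertion{RPIDHash: rpHash[:], Challenge: challenge, Sig: sig}, nil
}

// RelyingParty is the server. It stores public keys only, so a breach of this
// table gives an attacker nothing that can be used to log in anywhere.
type RelyingParty struct {
	ID    string // e.g. "login.example.com" (hypothetical)
	creds map[string]*ecdsa.PublicKey
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{ID: id, creds: map[string]*ecdsa.PublicKey{}}
}

func (rp *RelyingParty) Enroll(user string, pub *ecdsa.PublicKey) { rp.creds[user] = pub }

// NewChallenge returns 32 fresh random bytes; the server must remember which challenge
// it issued to which session and accept each one at most once.
func (rp *RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Verify checks origin binding (rpIdHash), freshness (challenge) and, last, the signature.
func (rp *RelyingParty) Verify(user string, issued []byte, as *Assertion) error {
	pub, ok := rp.creds[user]
	if !ok {
		return errors.New("unknown user")
	}
	if !bytes.Equal(as.Challenge, issued) {
		return errors.New("challenge mismatch: stale or replayed assertion")
	}
	want := sha256.Sum256([]byte(rp.ID))
	if !bytes.Equal(as.RPIDHash, want[:]) {
		return errors.New("rpIdHash mismatch: assertion was made for another origin")
	}
	if !ecdsa.VerifyASN1(pub, signedDigest(as.RPIDHash, as.Challenge), as.Sig) {
		return errors.New("invalid signature")
	}
	return nil
}
```

Two things to take from the exchange: the server's table holds a public key and nothing a thief could replay, and the authenticator refuses to sign for login.example.com.evil.test because the credential is bound to the origin that registered it, which is what makes the scheme phishing-resistant rather than merely "two factors". A production verifier additionally checks the signature counter in the authenticator data to detect cloned keys, and validates the full clientData (type, origin) rather than just the raw challenge.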
Benefits of passwordless authentication.
Signing into applications is faster, and immune to password-based attacks such as credential stuffing and phishing: there are no passwords to create, store or remember, and a FIDO2 credential only answers the origin it was registered for, so a lookalike site gets nothing it can reuse.
A higher degree of trust in, and security for, applications, devices and services.
Lower management overhead and cost from password maintenance and resets.