With Verizon reporting that 82% of data breaches involved the Human Element, why are businesses still using passwords and putting their security and reputation in the hands of the end users?
Passwords are the norm for our digital lives. Their presence across both our professional and personal lives means that they are usable by colleagues with a wide range of technical literacy. Password-based authentication has fewer compatibility issues, implementation is simple, and you don’t need to rely on additional hardware. Whilst this might sound like the perfect, cost-effective, security solution – passwords come with a multitude of security, productivity, and financial risks for an organisation.
Passwords are a well-established form of digital authentication. However, they are burdening businesses with cyber security risks and the cost of password resets. There have been efforts to make password-based authentication more secure: increasing complexity, forcing password updates at regular intervals, prohibiting the use of similar passwords etc. Whilst these steps may make the password itself more secure, we still face the Human Element risk. There is a finite number of unique, complex passwords that an individual can realistically remember. Combine this with the vast number of applications an individual needs to use on a daily basis and this creates a significant risk of users using unsecure methods for remembering their credentials. Think – post-it notes, re-use of passwords, excel spreadsheets and passwords that incorporate the name of your organisation – a security breach waiting to happen.
There are alternatives to passwords available to businesses now. Whilst these alternatives are not widely compatible with existing applications, it does show that the move to passwordless has started and it is time for business to start preparing for the move. Two of the most popular alternatives to passwords are biometric authentication and using secure protocols.
Biometrics: Biometric authentication confirms a user’s identity using unique physical attributes. With many smart phones using biometrics for unlocking phones, opening apps and approving financial transactions, users are increasingly comfortable using this technology.
Secure protocols: Applications that use SAML or OIDC to authenticate enables users to access multiple applications without requiring credentials since they will have already authenticated with their Identity Provider (IdP). With fewer passwords to remember, users can use a single high entropy passphrase and have secure access to a whole range of applications.
Whilst alternatives to passwords are in use today, there is still a way to go before we can completely move away from using password-based authentication. Businesses need to look at ways of practically starting the journey to passwordless enabling increasing security over time. Implementing an Identity and Access Management (IAM) solution is an excellent way of getting started.
IAM solutions allow users to access their identities using a single set of login credentials or biometric authentication. The immediate benefits of implementing an IAM solution include reducing the number of password resets to IT and/or the Service Desk, reducing unsecure user behaviours relating to passwords, reducing frustrations and loss of productivity for users, and reducing the risk of phishing incidents.
Using the right IAM solution will allow your business to completely remove passwords from the hands of your users – eliminating the security risk of human error by placing a system in control of passwords and identities rather than individuals.
If, like most enterprises, you still use applications that require passwords, then using an IAM solution that can hide passwords from users means they can access apps without actually knowing the passwords. Hiding the passwords in this way means that a user can never be phished since they don’t know the passwords.
Then, using the IAM solution, you can migrate your applications to using protocols such as SAML or OIDC as and when the applications enable support for these protocols.
In summary, password-based authentication is leaving businesses vulnerable to security breaches which could have significant financial and reputational implications. It is imperative that business take action to reduce or completely eliminate these risks. Whilst passwords are here for a while yet, starting the journey towards passwordless doesn’t need to be difficult; finding an IAM solution that is widely compatible with existing technologies will offer a passwordless experience for ens users immediately, irrespective of whether applications support this meaning immediate productivity, cost-saving and data breach mitigation benefits for your enterprise.
In summary, make sure your IAM solution can:
Learn more on how organisations are improving security and reducing user friction by moving to passwordless authentication.