For decades, passwords have been the basic authentication mechanism that gives users access to data and applications. However, passwords also have shortcomings. Over 80 percent of all security breaches are caused by weak, reused, or stolen passwords. And IT teams spend an average of four hours a week on password-related matters alone. This begs the question: what can we do to put an end to the password problem?
It is clear that users need a more secure and simpler method of authentication. The most obvious solution to the password problem is to say goodbye to passwords—but how? The answer lies in passwordless authentication. With passwordless authentication, users securely log into their applications without entering a password. In corporate environments, this means that employees can authenticate themselves without a password. Also, the IT team has full control over every login.
The role of passwords
There are two types of passwords, authentication: one method eliminates passwords from the entire IT infrastructure; the other from the registration process that employees go through. Both are possible, but I don’t think that passwords will disappear from the IT infrastructure in the foreseeable future. For this reason, companies should focus on enabling passwordless login for their employees. Passwords can still be used behind the scenes, but do not have to be entered manually when logging on.
Organizations benefit from passwordless authentication in two ways, both in terms of employee productivity and from a security standpoint. Passwordless authentication means employees no longer have to tediously type in a password for each and every application they need to do their jobs. An average employee uses 36 different cloud services at his workplace. That’s a lot of passwords to remember and a lot of time wasted manually typing passwords.
Password-related risks eliminated
With passwordless authentication, password-related risks are also eliminated. It is no longer possible for employees to use the same easy-to-remember password for different apps. These weak passwords pose a great risk as they are fodder for hackers. Organizations experience lost or stolen credentials each month. This means many organizations regularly face password security challenges. Additionally, passwords are still used behind the scenes in passwordless login. This allows IT teams to implement stricter password policies, but employees never have to manually enter these stronger passwords—the best of both worlds.
Which technologies can replace passwords?
If employees don’t use passwords to gain access to their work, how can they? Technologies currently available include biometrics, secure protocols, and integrations.
Authentication protocols are a type of passwordless login. The protocol enables communication between an identity provider and a service provider. Parallel to the authentication with the identity provider, the employee also authenticates himself with the service providers assigned to him without having to enter a password.
An example of this is single sign-on (SSO), also known as single sign-on. This technology is usually based on the SAML (Security Assertion Markup Language) protocol. When a company implements single sign-on, employees who authenticate to their identity provider are also simultaneously authenticated to all their assigned applications. So once they log in, they don’t have to enter passwords anywhere to get their work done – a true passwordless experience.
Protocols like SAML contribute to higher overall security since no passwords are used. Also, protocols make the connection more secure than would be possible with just passwords. And the employees are happy because they can access all work-related applications without having to enter any further passwords. Both IT teams and employees benefit from SSO.
Federated identity management
With federated identity management, an identity provider is connected to a service provider. Because of the integration, once an employee has been authenticated by the identity provider, they are also authenticated with their assigned service providers. This enables IT teams to securely manage employees throughout their lifecycle, from onboarding to offboarding, in a unified view across multiple IAM solutions.
Because the two identities and access management (IAM) technologies are integrated, a secure relationship is built behind the scenes. This means that employees do not have to enter a separate password. After logging in, they have access to both integrated resources and can use them throughout their workday without a password.
Biometric data determines who you are as a person. These include your fingerprint, your face, or your voice. Employees are increasingly using biometric methods to log into their professional applications. In fact, this type of authentication is so popular that 70 percent of consumers want it to be used more in the workplace.
The main reason why biometrics is becoming more popular is that they give employees the easy and seamless user experience they want. Fingerprint authentication is much easier than typing a password. Employees do not want to overcome additional obstacles that keep them from their work.
However, the secure storage of biometric data is of utmost importance. I advise companies to use biometric authentication solutions built on top of local-only encryption. This means that the biometric data is stored on the device itself and not in the cloud, ensuring its security and confidentiality. Biometric authentication allows users to confirm their identity using personal attributes without having to enter a password.
Passwordless authentication helps companies increase employee productivity, reduce IT costs and improve security. However, keep in mind that passwords are still the dominant authentication method. They will not disappear from our screens any time soon. Organizations should opt for a combination of employee sign-in methods and password managers. This allows them to protect every single access point while allowing their employees to seamlessly log in.