The Evolution of Authentication

The increasing complexity of systems is leading to a need for more secure authentication methods. Although passwords are a ubiquitous form of verification, allowing users to access applications and perform actions within a system, there have always been problems with this method. Creating secure passwords and managing them properly is difficult when users have dozens of different accounts and log in from multiple locations throughout the day.

An answer to the problem may be found in passwordless authentication methods. According to a survey by Wakefield Research, 69 percent of organizations are considering phasing passwords out in the next five years, opting instead to take advantage of passwordless models to increase security and make logins easier for both employees and customers.

Basics of Passwordless Authentication

The idea of a passwordless authentication model is straightforward. Instead of entering credentials consisting of a username or email address and a password, users verify their identities with an alternative method. The change is meant to address the problem of passwords standing in the way of reliable security, workflow efficiency and even customer retention.

Options for passwordless authentication include:

  • Biometrics – Already in use in smartphones and other devices, biometric logins consist of a unique biological identifier, such as a fingerprint. However, until biometric technology improves, this may not be the most secure choice unless combined with other options.
  • Email – Upon entering his or her email address, an existing user is sent an email with a verification link. Clicking the link completes authentication and allows access.
  • Token or one-time code – Instead of a link, users receive a token or code they then enter into the website or application. This code is attached to every action taken during a session and decrypted as users interact in real time before being destroyed when the session is terminated.

These new authentication options eliminate the need for passwords and the potential security risks associated with poor password management.
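
The email-link and one-time-code options above both depend on a short-lived, single-use secret that the server can check. The following is an added example, not code from this article or from any vendor, showing one way to issue and redeem both kinds of secret at login time; the class name, the 10-minute lifetime and the five-attempt cap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 600      # assumed validity window for links and codes
MAX_CODE_ATTEMPTS = 5  # assumed cap on guesses against a 6-digit code


def _digest(value: str) -> str:
    # Store only a hash: a leaked table then does not expose live link tokens.
    return hashlib.sha256(value.encode()).hexdigest()


class PendingLogins:
    """In-memory stand-in (hypothetical) for a server-side table of pending logins."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._links = {}  # sha256(token) -> (email, expires_at)
        self._codes = {}  # email -> [sha256(code), expires_at, attempts_left]

    def issue_link_token(self, email: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._links[_digest(token)] = (email, self._clock() + TTL_SECONDS)
        return token  # placed in the emailed URL; keep it out of logs

    def redeem_link_token(self, token: str):
        entry = self._links.pop(_digest(token), None)  # pop makes it single use
        if entry is None or self._clock() > entry[1]:
            return None
        return entry[0]

    def issue_code(self, email: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"  # short, so it needs the attempt cap
        self._codes[email] = [_digest(code), self._clock() + TTL_SECONDS, MAX_CODE_ATTEMPTS]
        return code

    def verify_code(self, email: str, code: str) -> bool:
        entry = self._codes.get(email)
        if entry is None or self._clock() > entry[1] or entry[2] <= 0:
            self._codes.pop(email, None)  # expired or locked out: force a new code
            return False
        entry[2] -= 1  # count the attempt before comparing
        if hmac.compare_digest(entry[0], _digest(code)):
            del self._codes[email]  # single use
            return True
        return False
```

A production system would keep this state in a shared datastore and rate-limit issuance per address as well as verification.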

Passwordless Authentication Benefits

Getting rid of a familiar form of identification to increase security may seem counterintuitive, but passwordless authentication has the potential to increase security for both your customers and the users within your organization. Making the switch addresses common problems with password security:

  • Weak passwords
  • Poor password management
  • Accidental use of default settings
  • Using the same password for multiple accounts
  • Not changing passwords regularly

Many of these issues result from “password fatigue,” which is experienced by users asked to create passwords for every website and application they use and enter these passwords numerous times throughout the day. This often leads to apathy in password creation and can threaten system security.

Passwordless authentication is also more convenient. Customers don’t like juggling logins for dozens of sites and tend to abandon those requesting the creation of yet another account. Employees required to log into multiple applications during the course of standard workflows are less efficient, and tasks slow down even more if a password is forgotten and needs to be reset. When no passwords are required, all users enjoy a more seamless experience.

Should You Eliminate Passwords for Your Systems?

Password fatigue explains the phenomenon of passwords becoming weaker as a user is asked to create more accounts. After a while, users no longer care if the password is secure and will use anything just to be able to gain access. This can create a serious security problem in your system. Weak passwords, use of default login options and stolen credentials account for 63 percent of breaches (Verizon). If even one customer’s account is hacked, all the data stored by your company is at risk. The same is true for employee accounts across critical business applications.

Customer retention rates are also affected by password fatigue. Seventy-five percent of customers stop using a service or website if they need to perform a password reset, and 30 percent abandon their shopping carts if checking out requires account creation. This is of particular concern when it comes to first-time or one-time customers. You could lose out on lucrative sales during popular shopping seasons or drive away customers who may otherwise have become loyal shoppers if you don’t have an alternative way for them to log in.

In addition to these considerations, your organization could benefit from passwordless authentication if:

  • Employee password management is poor
  • Workflows continue to hit bottlenecks due to excessive login requirements
  • Your system network is expanding to include more applications
  • A significant number of customers are abandoning carts at checkout
  • Password security problems have led to breaches in the past

There may be some situations in which it makes sense to retain the use of passwords or use a method like multi-factor authentication instead. Base your decision on your company’s needs and the unique security requirements of your network.

Implementing a Passwordless Model

If you decide to make passwordless authentication part of your security protocol, the first step is to research the options to find a reliable provider. Request demos from vendors to see how the authentication process works, and get all the details you can about the security of the process.

Implementation details are specific to providers, but your chosen vendor should work with you to help you set up your passwordless login system. Let all users, both employees and customers, know you’ll be making the switch, and provide clear instructions for use of the new system.

Once passwordless authentication is in place, monitor performance to determine if it delivers the desired results. You should see a drop in shopping cart abandonment on the customer end and an increase in workflow efficiency for your employees.

The rise of passwordless authentication may usher in a time when no system or application requires a password to log in. Companies looking to streamline workflows, update security and offer an alternative to customers experiencing password fatigue can benefit from switching to passwordless options. Since changes in technology inevitably bring new security concerns, it’s time for organizations to start adopting alternatives to outdated authentication methods and bring identity management strategies up to date.
