how to go passwordless
In this whitepaper, we will cover the business drivers for going passwordless and the state of current authentication solutions. In addition, we will share our view on the possibility of a completely passwordless world.
business drivers for passwordless authentication
Passwordless authentication has been a buzzword in the Identity & Access Management industry for a while now. This time it is not a technology push, but there is a clear business driver when it comes to your customer users; as an organisation you need to reduce any friction in the customer journey to be competitive. Many solution providers are taking steps towards creating a passwordless user experience but going completely passwordless can remain a challenge.
1. Security: Passwords are the problem
Passwords have been used since the earliest days of computing, to control access to devices. Digitisation has changed the way companies operate their businesses and interact with their partners and customers, resulting in an explosive growth in online accounts, applications and portals to use. Nowadays passwords enable the right people to access the right information at the right time, in a secure and frictionless way. Managing passwords and accessing accounts has gradually become easier for consumers, using everyday technologies like password managers, Apple Touch, Face ID and Apple Pay. For employees and business partners, technologies like mobile authenticator applications and fingerprint technology help provide a more secure, almost passwordless experience.
Human behaviour is one of the biggest risks in the approach of using passwords as the key, although even with good practice passwords can still be hacked by brute force. But the more passwords a user needs to manage, the higher the vulnerability of the accounts being exposed to hackers and cyber criminals, because people tend to continue using weak passwords, or reuse passwords across different accounts.
- The average person has about 38.4 online accounts for work and private purposes (Source: SC Magazine UK), secured with a username password combination.
- According to the UK’s National Cyber Security Centre (NCSC), 23 million account holders worldwide still use “123456” as their password.
- 90% of internet users are worried about getting their passwords hacked.
- 80% of hacking-related breaches are tied to passwords (Source: Verizon 2020 Data Breach Investigations Report).
Password as means of authentication is not only a hassle for users but can also have a severe impact on organisations. Password resets can be a burden on IT organisations and support, not to mention the cost and reputational damage in case of a data breach. When Identity Management was still mainly focusing on employees getting access to their work applications, this could partially be covered by Single Sign-On solutions. But with IAM shifting towards CIAM, the impact on the user journey and on your business has become more vital.
These numbers speak for themselves:
- 83% of mobile users say that a seamless experience across all devices is very important (Source: Root).
- 61% of users are unlikely to return to a site on mobile if they had trouble accessing it and 40% visit a competitor’s site instead (Source: Google).
- About a third of online purchases are abandoned at checkout because consumers cannot remember their passwords (Source: MasterCard and the University of Oxford).
- In case of a breach, the costs are high. An IBM study calculated the amount of €150 for each record hacked. This includes lost business, legal fees, and compensation to affected clients.