Passwordless technology is gaining traction due to the dizzying number of passwords that the average user accumulates. When you tally up email, phone, banking, travel, rideshare, hospitality, browsers and the fact that just about every service wants you to download their app and enter a password, it is no wonder that most users repeat the same passwords or adjust them only slightly (making it easy for hackers to crack them).
Passwordless authentication is a way to verify user identities without relying on a manually entered password. Instead, it uses authentication through the possession of a specific device, biometric data or a one-time code sent through an authenticator app or text.
Going passwordless has many potential benefits. Here are a few of the top ones:
1. Reduced costs
Eliminating passwords can reduce costs by saving employee time, lowering Help Desk stress and cutting the cost of security administration. A World Economic Forum report found that employees waste 11 hours a year resetting passwords. In large companies with 15,000 or more employees, this adds up to a productivity loss of more than $5 million a year. Further, the average cost of resetting a password turns out to be in the $30 to $70 range. By going passwordless, the report found that IT staffing costs could be slashed by $1 million.
2. Enhanced security
Over the last decade, there have been so many security breaches that hundreds of millions of emails and passwords are now listed on the dark web. If a user is still using one of those compromised passwords or has only changed it slightly, hacking software can usually crack it in a short time. One study found that 57% of users save passwords on sticky notes, 49% save them in unprotected plain-text documents and 62% share them via text message or email. Passwordless authentication eliminates these bad habits and security violations.
3. Convenience
According to one study, the average user now has around 100 passwords. Who can remember them all if they’re all unique? User time is wasted in trying to recall them, in resetting them and in the various workarounds employed to know what password fits which site. Post-It notes, computer files that list all the passwords or letting your browser remember all your passwords—these are common practices that open the door to cybercriminal exploitation. Going passwordless by using approaches such as authenticators saves users from having to remember passwords or from compromising their security through memory workarounds.
4. Biometric data is more difficult to crack
Biometric authentication uses a person’s physical traits to verify their identity without the need to enter a password. The likelihood that two faces are the same is less than one in a trillion, so facial recognition is an effective and more secure way to verify an individual. Research into advanced facial recognition technology found that modern approaches make it extremely difficult for hackers to successfully fake their way into a system.
5. Boosted productivity
Whether it is due to figuring out how to log into their various accounts, how to reset passwords or fumbling around with the various security safeguards that seek to prevent data breaches, a lot of time is lost that could have been put to more productive use. Time is also lost in training and retraining users on password health and how to avoid phishing scams. A study by the FIDO (Fast ID Online) Alliance found that financial firm Intuit experienced authentication success rates of 95% to 97% via passwordless methods compared to 80% for password and MFA-based logins, as well as a 70% boost in sign-in speed. Simplifying the entire process and removing login friction is likely to increase employee satisfaction.
Help Desks, too, can receive a productivity benefit from passwordless authentication. Large companies have to deal with password reset requests, calls to walk users through the process of devising a new password, as well as:
- Complaints from users as to why they have to change their password again.
- Why a password now needs 8, 10 or 12 characters.
- Why they have to add symbols and letters and caps which make it difficult for them to remember.
Passwordless technology frees up Help Desks to engage in more productive actions.
Popular passwordless authentication solutions
There are many popular product passwordless solutions on the market. Each has its pros and cons and caters to different aspects of the market and the cybersecurity landscape. Some are stronger with SMBs, while others focus on mid-size or large enterprises.
AuthID Verified Workforce
- AuthID promotes its tools as being unphish-able.
- It is particularly strong in biometrics.
- Key markets include digital onboarding, financial services, software, entertainment and mobile application providers.
- $600 to $1,200 per year for up to 500 accounts.
Cisco Duo
- Cisco Duo is a cloud-based access management platform for passwordless authentication and MFA, while also offering security analytics.
- Support for FIDO2 security keys as a passwordless authenticator.
- Key industries include higher education, government and IT.
- $3 to $9 per month per user.
CyberArk Workforce Identity
- CyberArk Identity offers a passwordless SaaS solution.
- Company strengths include single sign-on (SSO) and multi-factor authentication (MFA). as part of a passwordless approach.
- Key industries include mid-size and large IT and service organizations.
- $2 to $5 per month per user.
Microsoft Entra
- Entra ID includes SSO and passwordless technology plus identity governance.
- Key verticals include cloud-based SMEs, Azure users and Windows-based enterprises.
- Microsoft offers its own authenticator app.
- $6-$9 per month per user.
Ping Identity
- Ping Identity’s platform is cloud-based.
- It offers SSO, email magic links and FIDO-based biometric authentication using passkeys.
- Ping caters mainly to enterprise users and is particularly strong in software and IT.
- $20,000 to $40,000 annually.
Yubico
- Yubico provides a physical object known as a YubiKey, which is a USB and Near Field Communication (NFC) device as a way to add passwordless functionality.
- It supports several authentication and cryptographic protocols.
- The tool first gained ground with individuals and SMBs. But it is now moving into the enterprise space.
- Keys range from $25 to $90 per user.
Should your organization use passwordless authentication?
Password-based technology is at its breaking point. Too much user, IT and Help Desk time is tied up in password verification and management. Users may know that they should use unique passwords and apply many other security best practices, but experience has shown that they often don’t. Cyberattacks continue to haunt the enterprise and cybercriminals find it relatively easy to compromise email and other accounts. Passwordless technology offers a way to shore up this area of weakness. It isn’t foolproof, but it represents a step up from password chaos by reducing the likelihood of phishing attacks.