Will the future of cybersecurity be passwordless?

In the future the workplaces could be passwordless. With pandemic driving a large-scale transition to remote work, and cybercriminal activity taking advantage of the situation, online security is in the spotlight. A recent research says that 67% of breaches are caused by credential theft and social engineering attacks that capitalise on moments in time like COVID-19. And, today’s IT teams are spending an average of six hours a week on password-related issues alone – an increase of 25% from 2019. With these mounting frustrations from bothIT and users, as well as growing risks, the question arises: why do we keep relying on passwords?

Passwords have been a reality of daily life since we can remember. They continue to be the easiest and most used form of authentication both at the business and personal levels. Yet, they also continue to be one of the major drivers for vulnerabilities, and with a workforce that is operating remotely for the foreseeable future, it is paramount to find a solution that reduces risk.

The LastPass report says, “From Passwords to Passwordless,” we found that password security is one of the main sources of frustration for the IT department, particularly when issues are derived from user behaviours like password reuse. There is a clear disconnect between the security priorities of IT and the user experience demands of employees. So, what can be done to alleviate the password problem?

Talking about the future of the password, 85% of IT professionals surveyed do not think passwords are going away completely. Yet, over 92% believe that delivering a passwordless experience for end-users is the future for their organisations. Implementing single-sign-on (SSO) can help secure and simplify managing access no matter where employees are located. Through a protocol – such as Security Assertion Markup Language (SAML) – SSO establishes a secure line between an identity provider and a service provider, meaning it creates a link between where IT manages employees access information and the application users want to login into. SSO allows employees to reduce the number of passwords they must remember or update, boosting their productivity and minimising the risks associated with credentials.

Enabling multifactor authentication (MFA) provides IT teams with the tools to manage access at the individual user level, defined groups or even by job role. MFA considers a multitude of factors such as location, IP address or biometrics (face ID) versus only one factor – such as a password – prior to granting access to an application. By prompting a user for additional information when logging in, IT can be confident that the person requesting access is indeed who they say they are. It also streamlines the process for the final user that will have a faster and easier login experience.

As we continue to navigate a “work from anywhere” world, many elements are outside the IT teams’ control. From users’ devices and Wi-Fi connection, to the apps and websites they frequent, remote work has increased the risks and the variables that need to be thought of. Is your organisation ready to go passwordless?