
Five reasons why businesses should be going passwordless


The traditional authentication of a username and password has been the source of security breaches for years. In a bid to try and reduce the number of cyberattacks happening a year, more and more organizations are turning to passwordless authentication.

According to Microsoft, 150 million people are using its passwordless logins each month and, internally, 90 percent of Microsoft employees already use a passwordless authentication solution. When it comes to businesses, Gartner predicts that by 2022, 60 percent of large and global enterprises, along with 90 percent of mid-size enterprises, will implement passwordless authentication methods in over 50 percent of use cases, up from 5 percent in 2018.

But what are the key drivers for going passwordless? 

Improving security by combining biometrics and possession authentication

According to Microsoft, combining biometrics and possession authentication makes an account 99.9 percent less likely to be compromised, which highlights just how crucial it is to go passwordless.

Branching out into the world of passwordless is more common than you think, and you will already have a number of accounts which have this measure in place, perhaps without even considering that it's passwordless. For example, rather than using a PIN or password, a lot of devices now use biometrics, such as fingerprint technology or facial recognition, to grant access. Companies such as Apple, Samsung and Android are widely known for having already adopted this kind of technology, but other sectors, such as finance, have also started to adapt.

Whilst biometrics dramatically improve your cybersecurity, you can further enhance this level of security by combining biometrics with other factors of authentication. A great option to combine it with is out-of-band authentication, where a signal is sent via another channel to fully authenticate a message or sender, allowing users to prove they have more than one device or channel linked to their identity. This means that if one authentication channel is compromised, another form of authentication still stands as a barrier to those wanting to gain access.

Block account takeover (ATO) attacks

A huge issue faced by eCommerce consumers and merchants alike is the account takeover attack, where hackers obtain account credentials (namely passwords) to take over an account and commit fraud. Going passwordless essentially removes this avenue and helps prevent ATO attacks.

In May 2020, Carbon Black reported that up to 88 percent of UK companies have suffered breaches in the last 12 months. Alarmingly, Hiscox data has also revealed around 65,000 attempts to hack small to medium-sized businesses (SMBs) occur in the UK every day, around 4,500 of which are successful. That equates to around 1.6 million of the 5.7 million SMBs in the UK per year. Cisco also estimates 53 percent of SMBs suffered a security breach globally in 2018.

With this in mind, it is absolutely essential that businesses protect their data, and going passwordless can massively improve security, reducing the risk of businesses being hacked. Data breaches cost UK enterprises an average of £2.89 million ($3.88 million) per breach, according to IBM and Ponemon's Cost of a Data Breach study. That's slightly lower than the global average of £2.92 million ($3.92 million), but still a concerning figure! However, while UK businesses are breached less often than the global average (23,600 in the UK versus 25,575 globally), the number is still incredibly worrying.

What’s more, 33 percent of UK organizations say they lost customers after a data breach. A Forrester study of UK and US companies found 38 percent had lost business because of security issues, showing the real impact cybersecurity breaches can have on a business’ bottom line.

Reliable and secure remote working access for employees

Over the last 18 months, we’ve seen the way we work change considerably. The majority of businesses, no matter how big or small, had to change the way they operated with employees having to work from home. With some businesses choosing to adopt a more hybrid working style permanently, this presented a whole host of new opportunities for cybercriminals to attack.

Employees working remotely are at much greater risk than those in offices, as home connections are less secure, meaning cybercriminals have an easier entry into the company network. Plus, people often have a terrible habit of writing their passwords down to remember them, and if these passwords get into the wrong hands, it can have a detrimental impact on the business.

Enhanced password hygiene

Going passwordless also improves password hygiene. Many people use the same password across multiple accounts, meaning hackers can get into different accounts using just one password. 

In 2019, a Google study found almost 13 percent of people reuse the same password across all accounts, and a further 52 percent use the same one for multiple (but not all) online accounts. Worryingly, just 35 percent use a different password for every account.

Reduce the need for support and improve productivity 

Traditionally, for better security, businesses have implemented measures to enforce the use of complex passwords. For example, passwords need to be a minimum length, contain certain characters and expire after a certain time. Whilst this has improved security, it has made things more demanding for employees. Complex passwords are harder to remember: not only does this lead to more people having to make a note of their password, it also means that closed accounts need increased support to reopen.

Adopting passwordless authentication reduces the time spent on support requests, which can often be a significant cost driver.

In conclusion, the introduction of passwordless authentication not only improves costs, productivity and password hygiene, it dramatically improves the cybersecurity of a business. 

This leads to better customer retention, confidence for employees working from home and a more positive employee and customer experience.

Passwordless authentication is on the rise, and with such huge names as Apple and Microsoft incorporating it into their products and business practices, this goes to show that passwords are out.

Lance Williams, Chief Product Officer, Distology
