Paving the Path to Passwordless

2020-07-20T13:00:16
ID THREATPOST:2A10807088DDCBC0F545D9C6870DD195
Type threatpost
Reporter Threatpost.com
Modified 2020-07-20T13:00:16

Description

Passwords seem to be the digital equivalent of the phrase, “can’t live with ’em, can’t live without ’em.” They’re supposed to protect sensitive information and data, but passwords can also be incredibly frustrating; you shouldn’t use the same one across the board, which means you probably have variations of the same one, which means you have to remember which one is for which site, and then when you have to reset your password because inevitably you can’t remember it, you get an error that says your new password can’t be the same as your old password. Phew! (Oh, and don’t forget that your password also has to be complex enough that it’s hard to guess. So, add that to the list.)

If it seems like passwords are overwhelming sometimes – you aren’t alone. We’ve all been there. Password management tools and apps can help ease the pain of passwords, but even those don’t totally solve all of the password challenges all of the time.

And if passwords are that irritating on an individual level, they cause a whole additional set of issues for enterprises. Think about it: if the average enterprise uses 1,400 cloud applications (as SkyHigh Networks estimates) and each enterprise has thousands of users accessing those applications, that’s password management for literally millions of passwords. Complicating things further are complex IT environments, administrative and operational costs, needing to meet compliance regulations, and of course, keeping everyone within your organization up to date on your security and password policies.

From an organizational and security standpoint, some of the problems with passwords include:

  • 20-50% of all IT help desk tickets are for password resets and U.S.-based organizations spend over $1 million annually in password-related support costs
  • They make for poor user experiences: the average business user must remember and log in with as many as 190 passwords
  • 81% of all breaches involve stolen or weak credentials, while 29% of all breaches involved the use of stolen credentials

Overall, passwords are neither the best nor the most secure gatekeeper for our most important assets, which then begs the question: why are we still using them? And yet, the jump from using passwords to…another solution seems far. Is getting rid of passwords a realistic future? It’s true that using biometrics as a means to identify users exists, but is it scalable for enterprises? At the moment, probably not. The market is not currently in a place to support this easily.

But that doesn’t mean it’s not on the horizon. Security analysts have predicted using passwords as a means to secure important information will be a thing of the past eventually. Until this digital transformation can be fully realized, there are steps you can take to begin the shift to passwordless authentication.

Duo Security’s white paper, “Passwordless: The Future of Authentication,” does a deep dive into what is achievable today, including:

  • Identifying and selecting specific use cases for passwordless in your organization
  • How to streamline and consolidate your authentication workflows
  • How to pair multi-factor authentication with access across cloud and on-prem to provide the broadest security coverage available

You’ll also learn a five-step phased approach to passwordless your organization can follow to build toward a fully passwordless future.