What to Know About Passwordless Authentication

If you were told that one variable was responsible for more than 80 percent of cyberattacks, what would you guess that variable was? If you guessed “stolen access credentials,” you’d be right. The standard username/password combination may soon be a relic of the past as more tech companies transition to alternative authentication measures.

Take, for example, Microsoft.

What is Passwordless Authentication?

Passwordless authentication is exactly what it sounds like: instead of requiring a person to authenticate their identity by inputting a predetermined passcode, passwordless authentication looks to other measures to confirm validity. Does the user have access to a verification application? Do they possess a security token? Do their biometrics match the reference data? Have they already been authenticated by another service or application?

If your phone unlocks when it recognizes your face or fingerprint, or if you’ve received an access code via text message or email, then you've utilized passwordless authentication before. While not all forms of passwordless authentication are equally secure, they typically avoid the weaknesses that the traditional password is prone to:

• Inadequate strength, making brute-force attempts much easier for cybercriminals
• Without a password, users cannot reuse passwords across different accounts
• Brute force attacks require a password to be present to work, which passwordless authentication negates

The Advantages of Passwordless Authentication

Cost Efficacy

Passwords can be surprisingly costly to maintain. Forrester Research has estimated that each password reset costs the company $70, finding that large companies spent $1 million in staffing and infrastructure alone to handle them in 2018. On the other hand, if there is no password to reset, there will be no cost associated with resetting it.

Improved Convenience in the User Experience

When the modern average user is expected to remember literally dozens of passwords, there’s little wonder that so many users resort to just picking one and recycling it over and over. From the user’s perspective, it’s more convenient, which means they can access what they need and get down to business more efficiently.

Naturally, this doesn’t encompass the full reality of the situation. Thus, to ensure that your security is maintained, it makes sense to make the most secure option the most convenient one as well. Passwordless authentication eliminates all the pressure of remembering all those credentials. As a result, your employees will both be under less stress and in a position to securely work towards your organizational goals.

Security

Most importantly, passwordless authentication is safer. Cybercriminals are targeting the human element more and more frequently as they leverage their attacks. Phishing is a common means for a cybercriminal to gain access to your business’ data, and there are plenty of other attacks that target your authentication measures anyways, like credential stuffing and brute force attacks. Each of these attacks relies on a set, concrete password being the key to the castle, so passwordless authentication measures can minimize the threat they pose.

Reasons like these are why Microsoft is putting so much effort into passwordless technologies.

What Microsoft is Doing with Passwordless Authentication

In no uncertain terms, a lot.

In addition to 150 million consumer and enterprise accounts utilizing passwordless authentication measures as of May 2020, Microsoft itself has effectively made an internal transition to passwordless. Up to 90 percent of their own 150 thousand employees have opted into passwordless authentications—saving Microsoft 80 percent of the support costs that once went to internal password management. Microsoft has accomplished this by pairing passwordless measures with secure multi-factor authentication.

Their strategy now can be summed up as saying, “Okay, so this user appears to be who they’re supposed to be. Let’s make sure they have something that they’re supposed to have.”

In doing so, Microsoft has also seen an uptick in MFA adoption, reinforcing security without adding any unexpected inconvenience to the user.

So, if passwordless authentication is truly…

• More secure
• More affordable
• More user-friendly
• More manageable
• And more convenient

…it only makes sense that businesses of all sizes will soon see increased availability of these solutions and have a greater motivation to use them. As a result, we can confidently say that we foresee a passwordless future on the horizon.

Regardless of how security is enforced, Macro Systems is here to assist you in enforcing it. Reach out to us today to learn how we can help make your operations more secure and productive with our IT services and solutions. Call 703-359-9211 now.