Many companies nowadays are going passwordless in terms of authentication. The main reasons for this are to reduce IT expenses, try to strengthen their security, and promote the work-from-home culture.
However, according to a statement by Espria, a managed services provider, companies should not be this eager to go passwordless. Going passwordless is a complicated process and requires a lot of consideration and attention.
The CTO of Espria, Dave Adamson, also said that “Passwordless authentication simply replaces passwords with a more suitable authentication factor. This means moving from a centralized credential repository (where passwords are saved) to a decentralized model in which no passwords are saved, and each individual is responsible for their own passwordless authentication. Thus eliminating threats posed by passwords.”
At one point, he also stated: “But unlike Multifactor Authentication (MFA) that does secure organizations, users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because there’s no password to remember, and they’re compatible across most devices and systems.”
One more reason and benefit of organizations going passwordless is the convenience and simplicity factor. Though people manage to remember some of their passwords, some still have difficulty keeping track of them.
According to Adamson, the CTO Espria, we need to start verifying our identities using face recognition, fingerprint, or a mobile app instead of using passwords. This will make life simpler as you don’t need to remember long passwords, and authenticating yourself is a lot easier.
The idea of a passwordless environment is brilliant, but it has some hurdles that need to be passed before executing it. A survey conducted by cyber security insiders stated that 22% of businesses in the world still don’t have passwordless verification features, and their employees still have to remember long and unique passwords.
The possible reason for this delay is that it is still very difficult for businesses and employees to adapt to a completely passwordless environment. Many people in this survey also stated that they don’t have teams with the right skills to adopt passwordless authentication methods, which is why they don’t even consider using any.
Adamson also stated that the interface of many websites and applications is not designed to become passwordless. Identity authentication has always been a significant problem, and developers kept this in mind while designing apps and websites. Not only this, but many organizations have multifactor authentication. In fact, many cloud service providers are providing password and authentication services.
There are plenty of websites that are recoding and redesigning their applications to make them passwordless. However, making passwordless websites is a very long process to ensure the privacy and security of confidential data.
All in all, there is nothing wrong with going passwordless. However, this process requires a lot of consideration, time, planning, and implementation. Therefore, businesses should not rush into going passwordless. Instead, they should monitor and study all the aspects, strengthen their security system, and gradually take steps towards making their apps or websites passwordless.