With passwordless authentication, gone are the days of poorly kept password secrets and other forms of unmemorable authentication. Who can honestly say they like passwords? 1 in 5 people have reported from a Microsoft Twitter poll that they would rather “reply all” to a mass email – and risk embarrassing themselves in front of hundreds of colleagues— than have to reset a password.
Instead of passwords, passwordless uses something only the user possesses – or is in physical possession of – like a one-time password, a registered mobile device, or a hardware token. Additionally, passwordless can employ things that are an intrinsic factor, like FaceID or a fingerprint scanner. In today’s hyper-connected world, the financial industry can benefit from passwordless authentication in five major ways.
Security on another level
Passwords are notoriously a weak-point in security systems. With attacks on financial institutions such as password spraying, phishing, credential stuffing and more, is it any wonder the future of passwords needs to see its time of day? Passwordless authentication famously bypasses these problems and is nearly immune to old attacks (unlike legacy password and 2FA). And if there is a breach of security, the risk will be mitigated to a much higher level than with traditional passwords (which are without question more and more frequent and more and more pervasive with each passing year).
With an authenticator (phone sign-in) for instance, passwordless security will be at their highest levels and, as a result, financial security will be at their highest levels as well. Similarly, with a hardware token passwordless security will be at the highest while simultaneously being at the easiest of usability. Which brings us to the next benefit…
Super Usability
The amount of time spent entering (and remembering, and recovering) passwords is monumental in nature. Since there is no need to worry about password recovery with passwordless authentication it ultimately helps the bottom line in terms of productively gained and not lost. With say, fingerprint or retinal scans — gaining access to your email or work computer is only, well, a fingerprint or retinal scan away.
The stronger the password, the more difficult it is to remember. But the easier the password is to remember, the less likely it is to be secure.
This classic paradox is what makes passwordless king.
Less IT Headaches
According to one report, up to 40% of an organization’s help desk time is wasted on password tickets.
This massive time sink can be avoided with a passwordless authenticator. Sure, it could be considered a SPF (single point of failure), but they’re designed to be fool-proof so that having to think really hard about your first pet or the street you grew up on will merely be an afterthought when accessing accounts.
Scalability
Financial institutions can scale their passwordless authentication to bigger and bigger heights by allowing each user to have dominion over more and more previously password-protected material. This subsequently allows for productivity to improve per employee as well as greater access more broadly. And ultimately the customer or financial institutions actually physically own the product and security they’re in question of. Owning security means more freedom, and ultimately a bigger bottom line.
Long-term savings
Fewer breaches means more revenue, less headache to worry about, and more time spent by each employee being productive. And with $34 million stolen from Crypto.com users in a single hack (and with new breaches and hacks occurring all the time), passwordless authentication is going to become an eventuality rather than merely a rosy picture of the future.
According to Gartner, 90% of midsize corporations will be moving to passwordless authentication in the future. IBM’s Cost of Data Breach has also found that your average enterprise loses $4.25 million due to data breaches. Not to mention malicious insiders, social engineers, and compromised credentials.
Own your security with passwordless
Navigating the cybersecurity world to a passwordless future is difficult without proper guidance. 90% of smaller banks (<500 employees) have reported experiencing a breach caused by authentication weaknesses. Fortunately, banks and financial institutions can avoid becoming another negative statistic by switching over to passwordless authentication. With passwordless authentication that is either possessive or intrinsic we can take financial institutions to higher profitability heights by ensuring that their security is intact — and owned.
It may not be easy for companies to fully transfer and relocate all of their resources from password-based legacy to passwordless authentication future but the infrastructure is there to help make the transition as smooth as possible. Agile companies are popping up designed to solve this crisis and still other larger companies like Microsoft are already moving over to the passwordless future.
Jason Martinez
Jason is a Cal Poly Pomona Alum currently working as a marketer and content writer for a variety of brands in information technology and cybersecurity.
