Corporate professionals are a significant part of the digital-first world, and given how important passwords have become, we may often wonder: how difficult is it to remember and secure passwords, especially ones you created yourself?
The IT department in every organization constantly gives employees guidelines and security measures for setting their credentials, but employees often don’t abide by them, mostly for the following reasons:
- Setting different passwords for various accounts is a time-intensive process
- Recalling so many passwords on a daily basis gives them mental stress
- Their dependency on help-desks increases and productivity decreases
An article by Trace Security states that, according to the recent Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. Also, 91% of employees know that reusing passwords is poor practice; still, 59% reuse their passwords at home and at work and, as a result, 81% of company data breaches happen due to poor passwords.
All in all, employees need multiple passwords, and they most often don’t have the bandwidth to remember and secure so many of them. They reuse passwords, and hackers get easy access to the data. There is a way to break this vicious cycle once and for all.
Forget all your passwords and go passwordless!
You may ask: okay, if the employees don’t have to remember so many passwords, we can have a password manager, right? Sure, a good password manager acts as a repository where all the passwords are stored, and you need only one master password to single sign-on to all your applications. But what if that master password gets stolen? Well, then the hacker will single sign-on to all your applications.
Smarter with Gartner predicts that by 2022, 60% of large and global enterprises and 90% of midsize enterprises will implement passwordless methods in more than 50% of use cases, up from 5% in 2018.
Back in 2004, Bill Gates predicted the death of passwords because, as technology advances, the incidence of cyber crime will rise and passwords may not be the answer to cyber security. He said: “There is no doubt that over time, people are going to rely less and less on passwords … they just don’t meet the challenge for anything you really want to secure.”
So, it’s time we embrace the passwordless future of work, and here’s how:
Alternatives to passwords
The objective of having a password is to authenticate the identity. So, eliminating passwords means embracing technology all the more and paving the way for alternatives to passwords such as:
Biometrics involve validating something unique to the user: facial recognition, fingerprint, retina, heart rate, etc.
This technique is becoming increasingly popular and is considered to be one of the safest alternatives to passwords. A Spiceworks study reveals nearly 90 percent of businesses will use biometric authentication technology by 2020.
Biometrics have become exceedingly common in workplaces. For instance, employees use their fingerprints on the Biometric Attendance Machine, allowing them to enter their workplace.
A notification is sent on a mobile device when a user tries to access an application. The user can view the notification and grant/dismiss access with a simple press of a button.
The best example would be Google’s push notification. Say you are trying to log in to your Gmail account from another device that is unrecognized: you will immediately receive an ‘alert notification’ on your mobile phone and you will be asked to review the login attempt.
3. Magic login links
Most of us remember the mail ID but forget the passwords. With magic login links, the user receives a link that is created on the secure server of the website they are trying to log in to. The link is unique to the user and can be used only once, for a limited time. So, you can log in using just your mail ID as you click on the magic link.
For instance, Slack is a popular tool used for communication within a team. If one of the team members forgets his password, he can request a magic link to log in with just his e-mail ID.
Slack shows this message – We can email you a magic link so you can sign in without having to type your password.
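The three properties described above (unique to the user, single-use, time-limited) come down to how the server stores and redeems the token. The sketch below is an added example, not Slack's or any vendor's code; the class name, the `app.example.test` URL and the 15-minute lifetime are assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlparse

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the page only says "limited time"


class MagicLinkStore:
    """In-memory stand-in for the server-side table of pending login links."""

    def __init__(self, base_url="https://app.example.test/login"):  # hypothetical URL
        self.base_url = base_url
        self._pending = {}  # sha256(token) -> (email, expiry timestamp)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email, now=None):
        """Create a login link for `email`; only the token's hash is stored."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self._pending[self._digest(token)] = (email, now + TOKEN_TTL_SECONDS)
        return f"{self.base_url}?token={token}"

    def redeem(self, token, now=None):
        """Return the e-mail the link was issued for, or None if it is invalid."""
        now = time.time() if now is None else now
        # pop() consumes the entry, so a second click on the same link fails.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown or already used
        email, expires_at = entry
        return email if now <= expires_at else None  # expired links are rejected


def token_from_link(link):
    """Extract the token query parameter, as the login endpoint would."""
    return parse_qs(urlparse(link).query).get("token", [""])[0]


if __name__ == "__main__":
    store = MagicLinkStore()
    link = store.issue("alice@example.test")  # constructed sample address
    print(store.redeem(token_from_link(link)))  # first click logs in
    print(store.redeem(token_from_link(link)))  # second click is refused
```

Storing only the hash means a leaked copy of the pending-links table does not hand out usable links.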
E-mail and SMS OTPs are used everywhere. One-time passwords are generated within seconds, and the user can log in to their work applications with them. Generally, OTPs also expire within seconds, so there is no risk of the OTP being stolen. However, as a rule of thumb, your OTPs should never be shared with others.
Generally, OTPs are a part of the Multi-Factor Authentication that most organizations opt for. MFA validates 2 or more independent credentials, and most often, E-mail or SMS OTP is chosen as one of the validation techniques.
There are two types of security tokens – hardware tokens and software tokens.
The hardware token is a device that a user possesses. It displays a unique PIN for each use on its built-in LED display. The system activates after the user punches in the initial PIN. However, hardware tokens are generally costly and difficult to deploy, particularly in large organizations.
On the other hand, the user does not physically possess the software token. Such tokens are stored on electronic devices such as PCs, laptops, mobile phones, etc. The user generates a security code through a software interface like Google Authenticator. The security system then sends the security code via e-mail, SMS or other formats to the user’s electronic device.
The alternatives mentioned above are just some of the many validation techniques that do not need a password. As technology advances, we may see more passwordless authentication methods that are secure and faster.
In fact, you will be intrigued at how fast the tech giants of the digital world have already embraced passwordless authentication.
Players in passwordless authentication
In November 2015, the World Wide Web Consortium and the FIDO Alliance announced WebAuthn as the web standard for passwordless logins. This is supported by tech giants like Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico.
Users can log in to online accounts using biometrics, mobile devices and security keys.
FIDO Alliance executive director Brett McDowell said: “With this milestone, we’re moving into the next phase of our shared mission to deliver simpler, stronger authentication to everyone using the internet today, and for years to come.”
For years now, we have relied on passwords and have done everything we could to secure them. But with the news of major data breaches and hacks, our trust in advancing technology is being undermined.
We have tried and tested a lot of methods for securing passwords and have still failed, so it’s about time we embrace the passwordless future of work.
The non-existence of passwords in the future of work will be extremely beneficial. Employees will finally be relieved of the hassle involved in creating, remembering and updating multiple passwords while having uncompromised security.
Drop us a line at firstname.lastname@example.org and let us know what you think about the passwordless future of work.