For decades, the humble password has been the cornerstone of our digital security, and the curse of anyone who has to remember more than a few of them. But in 2024, the limitations of passwords call into question the security they offer, so perhaps it’s time for us to explore a passwordless society.
Many of us are familiar with FaceID, two-factor authentication and banking apps that need another level of verification, so could dynamic authorisations, zero-trust and identity-first authentication take centre stage and see passwords off for good? We’ve considered some of the advantages of moving to a truly passwordless society, and the enduring sticking points.
Reasons to go passwordless
Enhanced security
Continuous monitoring of user behaviour and context in place of passwords increases security and reduces the risk of phishing attacks. Instead of prompting for authentication only during login, systems can continually observe and assess a user’s actions. For example, if your bank notices you are transferring a sudden hefty sum of money, it triggers an additional verification step to confirm your identity before completing the transaction. This enhances security without causing unnecessary friction for routine actions.
Secure account recovery
If you have lost a laptop or dropped your phone into the bath, and your methods for account recovery (SMS, email etc) are compromised, it’s faster and more secure to recover the account with your identity than with a password you can’t access. Verified digital documents (driver’s license, passport etc) or facial recognition offer a way to prove your identity and recover your accounts much faster, more efficiently and more securely.
There are thankfully fewer objections to going passwordless, but these are barriers that take time to remove or reset. They include:
- User expectations
Often technology moves faster than cultural norms. As humans, we’ve been conditioned for decades that a password represents strong security, and so the absence of one makes us feel less secure. Resistance to change is one of the main reasons we still have passwords.
- User education
Educating users about passwordless authentication is crucial and organisations must invest in initiatives to help users understand new methods and to feel comfortable using them. This, however, is time and resource hungry.
- Privacy concerns
Continuous monitoring of user behaviour and context can raise privacy concerns – striking the right balance between fending off fraud and respecting user privacy is a challenge that must be addressed.
- False positives
The risk-based approach to authentication may sometimes trigger false positives, inconveniencing users who are performing legitimate actions. For example, if the user of a collaboration tool typically works Monday to Friday, but happens to log in on one weekend, the system may flag this as a security risk and request further authentication. This risks interrupting the employee’s work and causing frustration. Again, striking a balance between security and user convenience and satisfaction is a continuous challenge.
Ultimately, passwordless authentication is not a one-size-fits-all solution: the right approach depends on the application, industry and level of security required. But it offers a secure way of verifying users based upon who they are, not what they know. It represents the future of enhanced security, improved user experience and adaptability to risk-based authentication by removing the vulnerabilities associated with traditional passwords.
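The bank-transfer step-up described under "Enhanced security" and the weekend-login false positive above can be seen side by side in a small sketch. This is an added example, not code from any product; the signal names, weights, thresholds and sample history are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Event:
    action: str          # "login" or "transfer"
    weekday: int         # 0 = Monday ... 6 = Sunday
    amount: float = 0.0

# Assumed weights: an odd day is weak evidence, an odd amount is strong.
WEIGHTS = {"unusual_day": 1, "unusual_amount": 3}

def risk_signals(event, history):
    """List the ways this event departs from the user's own history."""
    signals = []
    if event.weekday not in {e.weekday for e in history}:
        signals.append("unusual_day")
    if event.action == "transfer":
        past = [e.amount for e in history if e.action == "transfer"]
        # No baseline yet counts as unusual; otherwise flag > mean + 3 sigma.
        if not past or event.amount > mean(past) + 3 * max(pstdev(past), 1.0):
            signals.append("unusual_amount")
    return signals

def decide(event, history, threshold):
    """Return 'step_up' when the summed signal weight reaches the threshold."""
    score = sum(WEIGHTS[s] for s in risk_signals(event, history))
    return "step_up" if score >= threshold else "allow"

# Constructed history: a user active Monday to Friday with modest transfers.
HISTORY = [Event("login", d) for d in range(5)] + [
    Event("transfer", d, a) for d, a in [(0, 50.0), (2, 80.0), (3, 120.0), (4, 60.0)]
]

if __name__ == "__main__":
    cases = {
        "routine transfer": Event("transfer", 1, 90.0),
        "sudden hefty transfer": Event("transfer", 1, 5000.0),
        "weekend login": Event("login", 5),
    }
    for threshold in (1, 2):
        for name, event in cases.items():
            print(threshold, name, decide(event, HISTORY, threshold))
```

With a threshold of 1 the weekend login is challenged, which is the false positive; raising it to 2 lets that login through while the hefty transfer still triggers verification, at the cost that a single weak signal no longer prompts on its own.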