The Rise Of Passwordless Authentication
As with any other technology, authentication systems depend on the environment they are implemented in. In most cases, what was considered standard 20 years ago is no longer used today. And change happens gradually, then suddenly. Take secure internet connections as an example: they have been around since the 90s, but only in 2018 did Google Chrome start marking HTTP sites as “not secure”.
What is two-factor authentication and what is the problem with 2FA?
A similar thing has been occurring with passwords themselves: 15 years ago you would be able to use six lowercase letters, while today you will need a combination of lowercase and uppercase letters, as well as numbers and special characters. Many companies have already opted for well-known two-factor authentication (2FA); however, there are problems with 2FA that we will explore later in this post.
The decline of passwords
No matter how many numbers and characters you use, the truth is that passwords are no longer enough today. Even former US President Obama wrote about it more than six years ago, highlighting the need “to move beyond passwords—adding an extra layer of security like a fingerprint or codes sent to your cell phone.” With the increasing number of data breaches and phishing attacks our societies are experiencing, traditional password-based authentication systems are no longer enough to ensure the safety of sensitive information. That is why many companies are transitioning to passwordless solutions.
A challenge for organizations beyond the problem with 2FA?
This is a very important issue for organizations because the cost of recovering from a data breach can be very high, as it not only damages an organization’s reputation but will also inevitably lead to losses in terms of customers, revenue, and even stock price. And while these companies suffer from losses due to legal fees and reputational damage, the economy as a whole will also suffer due to the disruption of services and a general loss of trust by consumers. That’s why taking steps to protect these systems from cyber-attacks is no longer a nice-to-have for companies. Instead, measures such as encryption, regular security updates, and more secure authentication systems must be implemented – immediately, and at scale.
As part of this transition, many companies have already opted for well-known two-factor authentication (2FA) solutions. These are security measures that require users to provide two pieces of evidence in order to authenticate online. This is usually something they know, such as a password or PIN, and something they hold, such as a phone or token. This additional layer of security makes it incredibly hard for hackers to gain access to users’ information, as it requires both pieces of information.
The problem with 2FA is that users still need to store and protect passwords, which is not a long-term solution to combat increasingly sophisticated cyber criminals. Passwordless solutions, on the other hand, provide a more secure way of authenticating users, as they do not require users to remember complex passwords. This helps reduce user frustration and improves user experience with any system a company implements.
The future of online authentication
With passwordless solutions, people can use biometrics, hardware devices, and other forms of authentication to prevent hackers from gaining access to their sensitive information, as they would need physical access to the device to bypass security protocols. Passwordless authentication also solves the issues of weak passwords, password reuse, and phishing attacks—which constitute a problem for designers who aim at building smooth and flawless user experiences for their products.
Passwords and the 2FA problem solved
There is no doubt that the future of online authentication is passwordless. The only question is whether this will continue happening in a gradual way, or if companies and institutions will realize that there is no time left to continue putting the privacy and security of users at risk. Similar to how Google enforced the HTTPS standard on its users in 2018, it’s likely that something similar will happen soon with passwordless solutions. The technology has been ready for a while now, and it’s clear how and why passwordless authentication is set to become the standard for secure online transactions.