Did you know that over 80 percent, eight-zero, of cyberattacks are the result of stolen access credentials? It’s no wonder that the username/password combination that we’re all used to is being actively phased out by many tech companies—including Microsoft—in favor of more secure, passwordless authentication measures.
What is Passwordless Authentication?
Passwordless authentication is exactly what it sounds like it would be: instead of relying on a password, identify verification is accomplished through other means. These means could be a verification application, a security token, or even biometric information.
Chances are good that you’ve used this kind of authentication before. If your phone unlocks when it registers your fingerprint or your face, or you’ve received a verification code via a text message, for instance, you have. While not all varieties of passwordless authentication are as secure as others, they still prevent many of the weaknesses that you’d find in a traditional username/password strategy:
- Insufficient strength, making brute-force attempts much simpler for cybercriminals
- Without a password, users cannot reuse passwords across different accounts
- Brute force attacks require a password to be present to work, which passwordless authentication negates
Why Businesses Are Adopting Passwordless Authentication
Passwords can require some significant investment from businesses. In fact, Forrester Research shared estimates that each reset can cost a company $70. Passwordless authentication eliminates this, by having no passwords that need to be reset in the first place.
User Experience and Convenience
How many passwords are you expected to remember? If you’re like the average user, there are dozens, so in all honesty it makes sense that so many undermine their own security with insecure password practices. Security can be better ensured by making it more convenient for the user than otherwise—something that passwordless authentication accomplishes.
Of course, we must address how your security can be benefitted by passwordless authentication. As cybercriminals are increasingly relying on human vulnerabilities, phishing attacks are much more common, as are other password-focused attacks like credential stuffing and brute force attacks. Removing the password in its current state can greatly reduce how effective these threats can be.
This is one of the reasons that Microsoft has been so enthusiastic about passwordless authentication.
Microsoft’s Approach to Security
Microsoft has been transitioning to passwordless authentication. Not only were there 150 million user accounts utilizing passwordless authentication as of last May, 90 percent of its own 150 thousand employees are now using passwordless and saving Microsoft 80 percent of the support costs once associated with internal password management. As these efforts have been paired with multi-factor authentication, Microsoft has also seen this feature take off.
Considering that passwordless authentication has been shown to be…
- More secure
- More affordable
- More user-friendly
- More manageable
- And more convenient
…it’s safe to assume that we should observe an increased shift to these solutions in the relatively near future.
Emerge can assist you in implementing the best security solutions available. Reach out to us at 859-746-1030 to learn more.