By: Lucas Budman
Everybody hates passwords. They slow us down. They can be complicated. And of course, we must remember so many of them.
Cyber threat actors are the exception. Hackers love passwords—after all, passwords are easy to discover and exploit. And they’re plentiful.
In other words, hackers don’t break in, they log in with stolen passwords. In fact, 81 percent of data breaches start this way, making passwords the biggest attack vector in the modern enterprise. And even though more than $16 billion was spent on identity and access management (IAM) solutions in 2020, the problem continues to worsen. Existing two-factor and multi-factor authentication (MFA) tools are simply insufficient; they may improve a poor security posture, but they do nothing to prevent phishing attacks, credential stuffing, or man-in-the-middle SIM swaps. They do, however, cause significant user friction and workflow interruption, which hinders their adoption and use.
A recent Forrester report notes the increased criticality of IAM for securing access, ensuring business continuity, and supporting remote workers while battling evolving threats across dispersed on-premises and cloud-based workloads. The push to fully remote workforces and the strain of layoffs, rehires, contractors, and role changes exposed the frailty of homegrown, manual identity governance and paved the way for renewed interest in passwordless solutions.
But as organizations know all too well, the identity management and authentication landscape is incredibly costly and complex, and as the Forrester analysts note, the adoption of too many security solutions in a short span can lead to unforeseen integration challenges, tools that don’t map well to existing business processes, and wasteful or overlapping capabilities.
For those companies committed to supporting the shift to hybrid work, innovative and robust passwordless enterprise technologies can help protect the business from rapidly increasing cybersecurity threats while ensuring a seamless experience for employees who can easily and securely log in from anywhere in the world without the need for antiquated and insecure passwords. As Walter Yosefat of Wyndham Destinations remarked, “As a CIO, my vision has been to live in the day when user IDs and passwords are no longer needed and I’m just known to my apps and systems without the need to continually assert it.”
Successful passwordless deployments must reduce complexity, end fragmented user experiences, and streamline use-case support to drive down cost. After all, a great technology is only meaningful if it’s useful—and used. To remove the threat from compromised credentials and support a secure, easy-to-use solution, organizations must:
The best solutions available today align to the Zero Trust model. They continually receive signals from a user’s smartphone, computer, network, and proximal environment to make highly secure decisions on identity and authentication. They also use sophisticated multipath optimization technology to find the most secure path to communicate identity to systems, applications, and resources. But perhaps most importantly, winning solutions offer pre-built, standards-based integrations across the entire identity stack to support full-spectrum authentication. Remote onboarding and identity proofing, workstations, SSO/apps, servers, VPNs, Windows, Mac, and privileged access should all be supported, as should physical access via badge readers. Benefits include fast, secure deployment, shorter procurement cycles, easier maintenance schedules, lower product subscription costs, lower integration costs, more accurate IAM policy management, and centralized reporting.
Solutions must also be more than just a biometric alternative to passwords; they must offer frictionless access, coupled with behavior pattern analysis and the ability to