Passwordless Is All The Rage — But There Are Considerations To Be Made

It has long been known that passwords are vulnerable to hacking. 

Organizations around the world have acknowledged this risk over the years by introducing more stringent controls around password security and by creating awareness among their staff.

Despite the rising awareness of the risks associated with weak passwords, data breaches have revealed that not enough attention is paid to the creation of secure passwords: the most popular passwords around the world are still passwords like “password” and “123456.”

According to Microsoft Corp. (MSFT), 579 password attacks occur every second, which adds up to a monumental 18 billion attacks per year.

But many common practices for making passwords stronger through complex requirements, like including symbols, case sensitivity, and disallowing previous passwords, only make it harder on users. Passwords become incredibly inconvenient to create, remember and manage across the various accounts a person owns.

Because using passwords can create a poor user experience, many people often end up ignoring even basic password protocols – leaving themselves and their organizations defenseless against phishing schemes, brute-force attacks, and other tactics cybercriminals use to hack passwords.

Is Passwordless Authentication The Solution?

An ideal scenario seemingly might be one where no passwords are required, and several alternative options have emerged for the passwordless authentication of users. While many people and companies focus on the convenience of going passwordless, the security considerations of passwordless authentication are often overlooked.

The most commonly used passwordless authentication methods focus on replacing the password as a single method, or as one of the methods used for multi-factor authentication. Authentication methods that are most commonly used are either possession factors, which require the person to use a smartphone or hardware token, or device-based biometrics, such as Apple Touch ID or Windows Hello. 

These options present their own challenges. Possession factors, such as smartphones or hardware tokens, can be stolen, shared, lost, or damaged, resulting in users being locked out or in unauthorized access. And the costs and investment in purchasing multiple tokens or separate mobile devices with data plans for staff could be very high for large organizations. Not to mention that a large portion of people do not have access to a smartphone.

Finally, there are scenarios that make these factors implausible to use. For example, manufacturing floors, contact centers, banking locations, and others have people working who need to authenticate but where it may not be safe or practical for them to carry an additional device.

Identity-Bound Biometrics Removes the Need for Phones and Tokens

One method of passwordless authentication that could effectively address these challenges is the use of Identity-Bound Biometrics (IBB) for access management, which is offered by cyber security companies like BIO-key International Inc. (BKYI).

Identity-bound biometrics creates a centralized unique biometric identity that can be used to verify a person anywhere. Some of the most common identity-bound biometric authentication methods are fingerprint scans, palm scans, face scans, iris scans, and voice recognition.

Passwordless authentication with IBB can be as simple as the scan of a finger at any device in any location, making it a safe, efficient, cost-effective, and secure option for a range of common use cases, including shared workstations, remote access, and scenarios where mobile devices are not permitted such as manufacturing floors and contact centers as mentioned previously. 

BIO-key says its IBB process centrally stores biometric data in a nonreversible way to create a unique biometric identity for each user to verify the person taking action, which serves to establish trust and accountability based on a person's biometric identity.

The benefits of using IBB include:  

  • Positively identifying the user intended to gain access
  • Auditability of activities through a log that records all logins and tracks users' system access  
  • Ease of use with a quick and easy user experience requiring only single-touch authentication for a passwordless login
  • Reduced overall cost by installing just one fingerprint scanner per desktop as a one-time investment as opposed to multiple tokens or mobile devices  

IBB is part of BIO-key's unified identity and access-management platform PortalGuard, which provides a range of authentication methods as part of its robust multi-factor authentication, as well as single sign-on and self-service password reset capabilities. PortalGuard is the only platform on the market that offers all these business-critical solutions using identity-bound biometrics as a key differentiator when it comes to implementing stronger authentication, according to BIO-key.

To learn more about BIO-key’s IBB passwordless authentication products, visit its website.

This post contains sponsored advertising content. This content is for informational purposes only and is not intended to be investing advice.
