Did you know that over 80 percent, eight-zero, of cyberattacks are the result of stolen access credentials? It’s no wonder that the username/password combination that we’re all used to is being actively phased out by many tech companies—including Microsoft—in favor of more secure, passwordless authentication measures.
Passwordless authentication is exactly what it sounds like it would be: instead of relying on a password, identify verification is accomplished through other means. These means could be a verification application, a security token, or even biometric information.
Chances are good that you’ve used this kind of authentication before. If your phone unlocks when it registers your fingerprint or your face, or you’ve received a verification code via a text message, for instance, you have. While not all varieties of passwordless authentication are as secure as others, they still prevent many of the weaknesses that you’d find in a traditional username/password strategy:
Passwords can require some significant investment from businesses. In fact, Forrester Research shared estimates that each reset can cost a company $70. Passwordless authentication eliminates this, by having no passwords that need to be reset in the first place.
How many passwords are you expected to remember? If you’re like the average user, there are dozens, so in all honesty it makes sense that so many undermine their own security with insecure password practices. Security can be better ensured by making it more convenient for the user than otherwise—something that passwordless authentication accomplishes.
Of course, we must address how your security can be benefitted by passwordless authentication. As cybercriminals are increasingly relying on human vulnerabilities, phishing attacks are much more common, as are other password-focused attacks like credential stuffing and brute force attacks. Removing the password in its current state can greatly reduce how effective these threats can be.
This is one of the reasons that Microsoft has been so enthusiastic about passwordless authentication.
Microsoft has been transitioning to passwordless authentication. Not only were there 150 million user accounts utilizing passwordless authentication as of last May, 90 percent of its own 150 thousand employees are now using passwordless and saving Microsoft 80 percent of the support costs once associated with internal password management. As these efforts have been paired with multi-factor authentication, Microsoft has also seen this feature take off.
Considering that passwordless authentication has been shown to be…
…it’s safe to assume that we should observe an increased shift to these solutions in the relatively near future.
SCW can assist you in implementing the best security solutions available. Reach out to us at (509) 534-1530 to learn more.
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.
Mobile? Grab this Article!