Passwords have been in the news this week after a rather controversial move by First National Bank (FNB) ruffled the feathers of some of the bank’s customers. Their frustration was caused by a change to the bank’s online banking login process, which required users to type in their usernames and passwords manually.
The move prevented customers from using their browser or a password manager to automatically fill in the fields. Local security buffs and tech-savvy customers warned that disallowing password managers actually goes against information security best practice. And FNB listened. Within a matter of days, the bank quickly reversed the security measure, with their head of digital banking, Giuseppe Virgillito, commenting that they always value feedback from customers.
If anything, this story showcases that customers want security, but this security shouldn’t come at the expense of convenience.
Perhaps the bank would have been better off just going passwordless. Wait, what?
Passwordless authentication is a verification process that determines if you are who you say you are without asking you to manually enter a string of characters. It’s a type of multi-factor authentication (MFA) that replaces passwords with more secure authentication factors, like a fingerprint or a PIN that is sent to you via text or email. And the “multi” part in multi-factor means that you’ll need two or more factors for verification when you’re logging in.
With MFA, the user’s identity is verified with at least two of these three factors:
Something you know (password/username)
Something you have (mobile device or FIDO2 security key)
Something you are (biometric data)
Below, we’ve put together a list of some of the key benefits of going passwordless:
Better User Experience (UX): Users no longer need to memorise a range of different passwords – with uppercase/lowercase and special characters – and they don’t have to come up with a new password every few weeks. Passwordless authentication streamlines the entire login process.
Improved security: Passwords are the biggest attack vector because users choose weak passwords or they share their login information with others. Taking this responsibility out of the users’ hands makes it easier to keep threats at bay.
Greater visibility: For IT teams, passwordless authentication delivers greater control over identity and access management. This means that they can spot – and prevent – any suspicious logins before they become a problem.
Reduced Total Cost of Ownership: Password management is costly. Just think about how much time your IT staff must waste resetting user accounts or updating systems when passwords change. In fact, industry research shows that password resets account for around half of all help desk calls. In a passwordless environment your IT team’s time is freed up to focus on more important things.
“By 2022, Gartner predicts that 60% of large and global enterprises, and 90% of midsize enterprises, will implement passwordless methods in more than 50% of use cases — up from 5% in 2018,” says Ant Allan, VP Analyst, Gartner. These stats aren’t surprising because, let’s face it, passwords have been a problem for a while. At 48Software, we’ve been keeping our eye on the move away from traditional passwords. This is why we developed Surge Identity, a cloud identity solution that enables secure sign-in using trusted identity and social providers. The solution also secures app-to-app communication using the latest industry security standards.