Commentary

Passe Passwords: Some Firms Are Moving Away From Using Them

There are several reasons for getting rid of passwords from the security framework. But the main reason may be customer convenience.   

The user experience is viewed by 64% of firms as a key factor when adopting passwordless technology, according to The State of Passwordless Security, a new study by Cybersecurity Insiders, presented by HPR. 

This makes sense. Try to click through to something on a site you may have joined five years ago as it applies a typical multi-factor authentication (MFA) protocol: It can be enraging.  

Of course, 91% of companies say passwordless MFA use is important for halting credential and phishing attacks. And this is no small thing, given that 90% experienced phishing attacks last year, often resulting in increased helpdesk costs for resetting passwords.

Email marketing system operators should heed this — their process for sending triggered password update emails had better be airtight. 

Granted, marketing does not play as much of a role in this as other activations. For 86% of firms, the primary user base for passwordless authentication is remote employees.

Another 73% cite online employees, and 43% identify contractors/partners as a user base. Only 24% specify customers/consumers. 

But that last percentage is bound to grow as consumers understand the ease of passwordless MFA. 

Not that it really exists for them at this point -- 61% of MFA solutions require a password or other shared secret such as an OTP or SMS code.

What’s more, 48% of the firms polled lack passwordless technology.  

Still, 21% feel passwordless tech can help them achieve digital transformation, and 14% say it can also help them realize cost savings.

Let’s say your company is considering a passwordless solution. Here are the deciding factors for firms that have adopted or are mulling one:

  • Ease of use — 76% 
  • Ease of integration — 76%
  • Cost — 66% 
  • Time to deploy — 50%
  • Human resource intensity to deploy and manage — 45%

Meanwhile, of the types of cyber attacks experienced, 90% were phishing, 29% credential stuffing and brute force, 14% remote desktop protocol attacks and 9% push or push fatigue assaults. 

Cybersecurity Insiders surveyed 417 IT professionals.
