The password is… without password




Microsoft’s announcement last month that users of Office and other business software can now create password-less login scenarios was good news. I think I speak for the whole world of computer users when I say this is just great.

Passwords are the bane of our existence. They really give the worst user experience of all. I’ve worked with systems that will tell you it’s time to change your password, which means I have to find the paper or computer file that has all of my passwords and change it on that list. Then of course I have to remember that I changed the password. (I remember when I log in with what I thought were the actual credentials, but I get the message that says, “Your username or password does not match the information we have in the case.”)

Some people use cloud password managers to save their credentials, but as we know, these managers can also be hacked. Meanwhile, a May report from SecureAuth found that 53% of people use the same password for multiple accounts, making successful breaches even more dangerous.

And among these, the most used passwords remain: “123456” and “password”. Next come “12345678” and “qwerty”. Could we make our company data easier to access for scoundrels?

In a recent article, Aviad Mizrachi, co-founder and CTO of Frontegg, creator of an administration portal for SaaS applications, noted that the more you tighten the security of your applications, the worse the user experience. It’s a conundrum in the industry. “This means that we probably want to apply certain password complexity rules to our customers in order to improve security levels. Needless to say, this adds more friction to the registration and sign-in processes, while reducing customer satisfaction,” noted Mizrachi.

In short, passwords are both bad for users and great for hackers. In fact, more than half of the companies surveyed said they have implemented alternatives to passwords, according to a recent report, “2021 The State of Password Security,” by Cybersecurity Insiders and HYPR.

The report found that 64% cite user experience as one of the main reasons for going passwordless, with 73% of respondents saying that a passwordless, mobile-first multi-factor authentication (MFA) solution is better than traditional factors, such as passwords, MFA push, or hardware tokens.

On the security side, stopping credential-based attacks is the number one reason people say passwordless MFA is important, with 91% of respondents citing it. Yet in a related finding, organizations using passwordless multi-factor authentication may still require an underlying password, such as a code sent to a mobile device that must be entered into the computer to gain access. Of respondents to the Cybersecurity Insiders survey, 61% said their “no password” MFA solution requires either a shared secret, one-time password or SMS code, although 96% of respondents consider the elimination of shared secrets for authentication either “essential” (44%) or “somewhat important” (52%).

And we haven’t yet touched on the amount of time service desk staff spend resolving password issues. According to another recent report, the estimated productivity cost per business averages $5.2 million per year.

According to Mizrachi, “It’s pretty clear that the future belongs to the passwordless. With the digitization of more and more services and platforms, the password authentication model is simply no longer practical. Embracing the password-less trend and implementing it as the default option in self-service and multi-tenant offerings (think user management) is no longer an option. The future belongs to the passwordless.”

Many password-less solutions are coming to the market, including facial recognition, voice, fingerprints and security keys, according to the FIDO Alliance, which creates free and open standards for authentication.

In fact, among respondents to the Cybersecurity Insiders study, 36% said they used their smartphone as a FIDO token for passwordless authentication. And, 73% said smartphones offer the most convenient method of MFA, while 17% said built-in authenticators, such as TouchID and Windows Hello, are the most convenient.

For me, the best solution I have experienced is fingerprinting. I access my MacBook Pro using Touch ID fingerprint scans and can do just about any bank transaction I want on my cell phone by accessing my account with just my fingerprint. It’s fast, and never fails.

All I have to do is remember which finger I used.
