The World Economic Forum’s Take on Passwordless Authentication

LastPass, January 30, 2020

The World Economic Forum’s (WEF) mission is cited as engaging the foremost political, business, cultural and other leaders of society to shape global, regional and industry agendas. One topic at WEF’s Annual Meeting last week was cybersecurity, and in particular passwordless authentication.

Passwordless authentication securely authenticates an end user into a service without requiring the user to type a password. There are multiple ways in which a business can offer a passwordless authentication experience to its employees. For example, biometric authentication authenticates employees based on who they physically are, such as their fingerprint or face. Another example is single sign-on, which connects an employee to an application using a protocol such as SAML, authenticating the employee with the protocol rather than with a password.

We recently launched a passwordless login experience for LastPass Identity, which delivers a passwordless experience through features such as Workstation Login, biometrics, federation and single sign-on. We are excited to see passwordless authentication as a topic of discussion at WEF’s Annual Meeting in Davos. 

WEF, in collaboration with the FIDO Alliance, offered its point of view on passwordless authentication in the whitepaper "Passwordless Authentication: The next breakthrough in secure digital transformation". In the report, WEF offered 4 key reasons why businesses should transition to passwordless authentication:

Increased revenues and lower costs

Cybersecurity can often be perceived as an expense to the business. However, eliminating passwords will not only help eliminate risk, but also help eliminate the expense tied to mitigating those risks. According to the report, employees spend 11 hours each year resetting their passwords. For an organization with 15,000 employees, that time equates to a productivity loss of $5.2 million.

The same principle applies when it comes to the IT helpdesk: the estimated cost of a password reset ranges from $30 to $70, which equates to organizations spending roughly $1 million on average per year on staffing their helpdesk to manage password resets. Passwordless authentication helps lower these costs and increases employee productivity.

Passwordless authentication helps reduce security-related expenses as well. The average cost of a data breach in 2019 was $3.92 million, and 80% of all breaches continue to involve weak or stolen passwords. Eliminating passwords from the employee login experience helps reduce the likelihood of a data breach and the associated expenses. A stronger risk posture can also help lower the premiums on cybersecurity insurance.

A better user experience 

WEF notes that 86% of consumers are willing to pay a premium for a more seamless user experience. User experience matters, to the degree that it is a key differentiator of services amongst competitors. Passwordless authentication is much more seamless than typing out a password, which is becoming a key competitive differentiator amongst digital transformation leaders.

A seamless user experience not only helps with competitive differentiation, it also helps boost business security. A simpler user experience means employees will be more likely to use the authentication system, rather than searching for ways to get around it because it gets in the way of their work. Employee adoption of the authentication technology is critical to boosting security and helps ensure the technology accomplishes what it was meant to.

Scalable frameworks 

The FIDO Alliance has even created open standards on passwordless authentication, the most prevalent being FIDO2, which became a standard in March of last year. Open standards can help organizations get started on their passwordless efforts more quickly, as the standards offer a scalable and repeatable framework for doing so. FIDO’s open standards offer a variety of approaches for adopting passwordless technologies, which gives organizations the flexibility to select the passwordless solution that is right for them.

Greatly improve security 

As passwords are the leading cause of data breaches today, having fewer passwords in use throughout the organization leads to greater security. Eliminating passwords from the overall login reduces an organization’s exposure to a data breach.

In regard to keeping solutions secure, WEF states that passwordless solutions do not require any personal information to be stored for authentication. One example is biometrics: biometric data is stored on a user’s mobile device and not in a centralized location. This local-only encryption model helps increase security, because there is no centralized location for cybercriminals to gain access to the biometrics. According to the paper, local-only encryption models with passwordless authentication solutions make man-in-the-middle attacks virtually impossible.

Balance user experience and security 

There are many ways in which passwordless authentication can benefit the business. For WEF’s full point of view on passwordless authentication, you can read their full whitepaper here.  

To learn how LastPass Identity offers the passwordless experience your employees want coupled with the security your business needs, visit: https://www.lastpass.com/solutions/passwordless-access