Debunking Passwordless Myths 

Rose de Fremery, June 01, 2022

Passwordless authentication is the future of cybersecurity, but you're not alone if you're having trouble visualizing what a world without passwords even looks like. After all, we've used passwords to live, work, and play online for decades. What would it mean to start logging into our accounts in a totally different way?

If this question gives you pause, that's normal. Change is difficult for most of us, and we've been through plenty of it during the past two years. Knowledge is power, though, and learning about passwordless authentication will help you make the best choice for your business when the time is right. To help you cut through the confusion and understand what going passwordless really means, we'll debunk some popular myths about passwordless authentication.

Why passwordless is more secure

Passwords may feel secure to us – after all, they're the authentication method we know. But passwords alone can no longer secure business accounts and data well. According to the 2021 Data Breach Investigations Report, 61% of data breaches involve the use of unauthorized credentials. Cyber criminals regularly steal, guess, and crack employees' passwords, then buy and sell them on the dark web. With such easy access to compromised passwords, bad actors can then open the digital doors of many companies and help themselves to almost anything they want. They may make off with valuable data about the businesses, their customers, or even their employees. If the hackers find a way to log into the companies' financial accounts, they may swipe a fair amount of their capital, too.

Passwordless authentication, though it may be new and unfamiliar to many businesses, offers them a more reliable way to prevent these kinds of attacks. By using biometrics such as fingerprint scanning or facial recognition in place of passwords, companies make it much harder for malicious actors to fake their employees' credentials. The employee becomes their own source of verification, which also means that they don't have to remember complex jumbles of numbers, letters, and symbols just to access their work accounts. With an easier way to log in, employees are much less likely to engage in risky password behaviors like password re-use or failing to change their passwords even after a breach has occurred.

These risky behaviors also have far greater consequences than they once did. According to the 2021 Psychology of Passwords report, 71% of people have worked wholly or partly remotely during the pandemic, and 70% of them spent more time online for personal entertainment and work. Seventy-nine percent of people agree that compromised passwords are concerning, but only 32% of them say they would create stronger passwords for their work accounts. This finding suggests that if business leaders are serious about avoiding data breaches, they need to provide their employees with better tools than passwords to keep their work accounts secure.

The difference between passwordless and MFA

Business leaders who are just getting up to speed on passwordless authentication may assume it's the same thing as multi-factor authentication (MFA), but there are important differences between the two approaches. MFA doesn't necessarily do away with passwords – it just requires that users provide more than one form (or factor, as the lingo goes) of authentication to prove that they are who they say they are. This extra form of authentication could be a temporary code issued via SMS, email, or an authenticator app on the person's phone. Or, it could be a biometric factor like a fingerprint. But more often than not, it still includes a password.

Passwordless authentication, as the name suggests, does away with passwords altogether in favor of stronger authentication factors. Rather than asking you to provide something you have, such as a password or a code that could fall into the wrong hands, it requires you to provide something you are – your face, your fingerprint, or your voice. It's much harder for hackers to steal or fake our unique physical characteristics, which means a passwordless approach could actually give us more peace of mind.

Why passwordless may be more cost-effective

Everybody knows how to use passwords, so they may seem like the cheapest and easiest form of authentication at first glance. When you look at them more closely, though, you'll find that passwords come with a hidden cost. Employees find passwords hard to remember, and they have more of them to remember than ever. According to the 2021 Psychology of Passwords report, 50% of respondents had 50% more accounts in 2021 than they did in 2020. If your employees don't have a password manager to help them keep track of all their credentials, they'll resort to risky workarounds – and that risky behavior could result in a very expensive data breach for your business.

Then there's the administrative burden involved in keeping passwords secure. When an employee forgets a password, they often have to call IT to get help resetting it so they can get back into their account. This frustrates the employee, especially if they've got an urgent deadline. While they're waiting for IT to get back to them, they're essentially idle when they could be getting work done. IT also has to drop what they're doing to help the employee regain access to their account.

Not only does the IT team find this process inefficient, but it also runs into challenges keeping the business secure when employees get tired of remembering passwords and try to get around this requirement by practicing poor password hygiene. If they re-use a password or never change it, IT has to spend a considerable amount of time figuring out how to manage the very real cybersecurity risks that these behaviors create. These seemingly small inefficiencies add up, costing your business money in staff time that could be better invested toward strategic priorities.

Understand what going passwordless means for your business

Chances are, you've seen the signs that passwords alone aren't enough to protect your business from cyber attacks. Hackers are increasingly using stolen credentials to compromise company networks and steal valuable information, and they have a golden opportunity to go even further now that so many people are working from home. It's more urgent than ever to start using more secure methods of authentication than just passwords.

Fortunately, understanding what going passwordless looks like can help you prepare to take the next step. While a passwordless future may seem a bit daunting at first, there's a silver lining: there will be fewer passwords to remember. Learn how LastPass' biometric authentication can help you increase security across your organization.