Passwords are passé.
They are also a universal nuisance. According to one security key provider, people spend nearly 11 hours per year locked out of their accounts and resetting passwords. That time suck translates to tangible costs for companies. According to Gartner, 40 percent of all help desk calls are related to password resets — while Forrester found that each password reset call costs an organization $70.
While passwords have been the de facto authentication method for decades, they have grown increasingly unmanageable and less secure. But it doesn’t have to be this way. There are other emerging methods, such as biometric authentication, which most people are already familiar with on their smartphones.
So, will 2022 be the tipping point for passwordless adoption?
Duo Security is betting on it. The security platform, owned by Cisco, started rolling out passwordless authentication in March 2021. With this feature, users can skip the password and securely log into cloud applications via security keys or platform biometrics, according to a press release.
More recently, in October 2021, the company released a report titled, The 2021 Duo Trusted Access Report: The Road to Passwordless. In it, Duo Security’s data science team analyzed more than 36 million devices, over 400,000 unique applications and 800 million monthly authentications from across its customer base.
The report suggests that multifactor authentication is the “logical next step” to prepare users to “pivot to passwordless.” Meanwhile, the increase in biometrics utilization, such as fingerprint or facial recognition on an iPhone, indicates that users are becoming more comfortable with nontraditional authentication methods.
Enterprises are also warming up to this idea. The report noted that the shift to hybrid and remote workplaces in 2020 catalyzed the change as it presented new security challenges for workers and IT teams.
Of course, there are concerns about transitioning away from the status quo of passwords. For one, end users are concerned about their personal biometric data being stored by private companies. This poses the question: While people routinely use biometrics on personal devices, are they willing to do so for work?
Additionally, IT professionals have concerns about the deployment of passwordless solutions across their organizations, and some have already encountered issues, such as solutions that work for some applications, but not the entire environment.
In a recent blog post, Duo Security conceded that not every company is equipped to go passwordless tomorrow, but encouraged everyone to take the first step. As the company put it, “with each passing month, the promise of passwordless is becoming a reality.”
Here are a few more highlights from the report.
“The Road to Passwordless” By The Numbers
- 71 percent of active customer phones have biometrics enabled.
- 52 percent of respondents are actively considering implementing passwordless features in their environments today.
- 15 percent of authentications are to cloud apps, up from 13 percent last year
- The top five industries increasing biometric authentications are financial services, education, healthcare, IT and telecom, and technology.
Who will reap the rewards?
“Passwordless provides the user benefit for initiatives strengthening authentication. Employees see faster authentication with fewer login prompts and less friction. Meanwhile, security teams are working to improve the overall trust in authentication. Trusted passwordless uses the login process as a policy decision and enforcement point, considering the context and conditions of the request, including device health. Security teams establishing these controls are getting ahead of multifactor phishing and biometric spoofing. Thus, passwordless both simplifies the experience for employees while increasing the difficulty on criminals.”
— J. Wolfgang Goerlich, advisory chief information security officer for Duo Security
The social buzz:
October is Cybersecurity Awareness Month, and Duo Security is keeping the conversation alive on its social platforms. Tune in on Twitter as the company shares insights about the road to a password-free future.
The company recently tweeted, “The promise of #passwordless is becoming a reality. However, it’s important to remember that even though security professionals, IT administrators and end users feel ready for passwordless, it’s our responsibility to make it easy to fulfill that promise."
