Let’s be frank—passwords are still the bane of our online existence. They’re living fossils, throwbacks to a time when a secret string of characters was the only thing available to secure accounts. Thankfully, there are now secure and easy to use authentication options which let organisations relegate passwords to computing’s Jurassic era.
We’ve all been there. Staring at the login screen of an app or online service that we haven’t used for a while—perhaps months. And since we can’t remember the password, so begins the laborious process of resetting our credentials. Or perhaps it’s creating a password at the start of our relationship with that service—registering an account—when all we want is to check out and move on to our next purchase.
Passwordless authentication is a catch-all description for a number of different login methods, but they all share the same characteristics: they are based on secure and well-tested cryptography; they are easy to use for the average consumer, often making use of the user’s smartphone; and they don’t require recalling a complex string consisting of eight or more characters including at least one capital letter, one digit, one special character (except for !, $ or &), that’s different to any used in the last 12 months, that don’t match previously breached passwords… you get my drift!
Passwordless authentication can have an immediate, positive impact on both customer retention and online security. Simplifying the authentication process, whether it’s for registering, logging in, approving a major transaction, or re-enabling a dormant account, is key to improving customer experience and reducing the potential for identity fraud and breaches.
Consumers now expect an easy-to-use identification process for online transactions, due to the widespread use of on-device biometrics like Apple’s FaceID and TouchID. Sharing those well-understood experiences across web and mobile applications, and into analogue channels like support centre calls and in-store interactions, is one of the most effective ways of enhancing a consumer’s perception of an organisation.
And retiring passwords helps to significantly reduce the effectiveness of phishing, password spraying, brute force attacks, and other common cybersecurity threats. Passwords are the “low hanging fruit” that cybercriminals turn to first to commit identity theft and financial fraud. At a time when organisations are responding to market pressures by granting more access to customer data through online channels, secure and attack-resistant authentication is an essential building block of any online service.
It’s clear that our online futures will not involve passwords. The technology and implementation patterns for a passwordless model exist and have been tested through multiple iterations. The business benefits are also clear—improved user experience and better security. It won’t be long before it’s expected by your end users, and not a “nice to have”.
Right now, passwordless authentication is being used by large companies but we expect SMEs and mid-market companies to adopt the technology rapidly over the next 12–18 months, as the dual threats of reputational impact from data breaches and consumer awareness rise to the top of business imperatives.
It’s time for passwords to go the way of the great lizards. And with consumers linking their online experience to the brand, without a passwordless experience, you too could be seen as a dinosaur!