Studies show nine of 10 business leaders believe “passwordless” authentication is becoming a foundational element in a culture of “
cyber resiliency.” In fact, one recent survey found that 89% of IT security executives at financial services firms feel passwordless methods ensure the highest level of cybersecurity for their companies.
What is passwordless authentication? As the term implies, it is any user verification technique that does not use a password. Here are the most common ways it is used:
- One-time codes (OTC) – Usually sent via email, text message or smartphone apps, OTCs are short numerical or alphanumerical codes that are valid one time for a limited period.
- Biometrics – Typical biometric identifiers include fingerprints, retinal scans, and face or voice recognition.
- Magic links – Like OTCs, these links are delivered via text, email or other messaging apps to enable one-time confirmation for users upon request.
- Push notifications – These are sent to users by a secure server to secure mobile devices via a secure network and require individual users to perform a single action to confirm identity.
- Hardware tokens – Users must physically possess these items to access secure networks and/or digital assets. They can be a USB fob that is plugged into a computer, or a device that uses Bluetooth or near-field communication (NFC) technology to transmit authorization codes at close range.
Chances are you already practice one of these passwordless procedures regularly as part of a
multifactor authentication (MFA) process. For example, you most likely receive OTCs for access to mobile banking or other financial service apps.
Each passwordless system has advantages and disadvantages (ease of use, implementation cost, etc.) Whether one of these approaches is the right way to improve your organization’s cybersecurity depends on the unique objectives, requirements and priorities of your business.
Interested in a passwordless future for your company? We have the expertise to help you implement a range of cybersecurity practices.