Steven Puddephatt, Senior Cloud Architect @ GlobalDots
23.02.2022
image 6 Min read

Why Passwordless, Why Now?

Advances in technologies pose new dangers online as more people use devices to do their shopping and finances. The remote work era pedaled, further extending technology adoption, so growing concerns regarding security and new methods are more valid than ever.

Progress comes with leaving behind obsolete methods to improve efficiency and in the future. One of these burdens comes in the shape of passwords.

Cybersecurity is key for businesses globally, and phishing sites, hackers, password spraying attacks organizations are a big threat, so passwords are unreliable.

According to the 2017 Verizon Data Breach Report, 81% of hacking-related breaches used weak or stolen passwords. For this reason, many businesses are exploring new security methods.

Another relevant point is shifting powers in economics. The rise of Gen Z as a future giant in buying power and their online tendencies is making e-commerce businesses question how their UX and security methods are doing.

Passwordless methods are starting to gain more terrain, and in 2022 end-user accounts will go passwordless. How is Gen Z involved in this in any way? And what methods are secure and smooth to bring the best customer experience while securing businesses data and reducing costs?

Why Passwords are Such a Hassle

For over 60 years, passwords have been the main component of a user’s online identity security. Increased automated attacks using compromised credentials force online businesses to spend large sums of money on security. Plus, they need to spend even more money on customer support to help them leverage the password system.

According to a recent survey, Gen Z has a limited attention span. This finding results in low tolerance for lengthy authentication experience, including remembering or restoring passwords.

If they look through your store and forget their password or see a complicated signup process, they’ll skip it. Due to this, optimization in UX is as important as having a good product, and passwordless methods are key for your business to avoid losing money.

These are three of the biggest cons imposed by the password system.

  1. Poor Security

Passwords are susceptible to cyberattacks, security breaches, and phishing sites.

  1. Nonoptimal

Dealing with passwords it’s uncomfortable. Managing several passwords is a hassle and forgetting credentials is common, but having one password leads to fragile account security.

  1. Increasing Costs

The ever-growing online population has made passwords costs and customer support skyrocket. Ponemon Authentication reported a $5,217,456 Annual cost of productivity and labor loss per company on average to maintain passwords.

Why is Gen Z that Important?

Gen Z is the generation born in 1996 to early 2000s onwards, so if you calculate the average, they would be around 18-26 years old.

They’re also the first generation that practically had a smartphone as children, the digital generation. According to Bank of America, in 2030, Gen Z’s earnings are to hit 33 trillion, more than ¼ of all global income: And they don’t like passwords.

This generation of young adults likes optimization at the highest level while maintaining ease of use, and if you don’t give it, they will look elsewhere. This preference is a huge challenge for companies.

It only takes 8 seconds for a Gen Z to see if your content is worth their time or not.

And they are like that with websites, too, so having a smooth process is a must to keep their attention, and that’s where password methods are something they dislike so much.

The Current State of Passwordless

Current passwordless solutions tend to cause friction in the user experience. Many times, these solutions cause even more friction than a basic password system so long as the users remember their password. Here’s a breakdown of four of the most common passwordless solution currently on the market and how they cause UX friction.

PIV/Smart-card-based authentication

A common passwordless solution for security in enterprises and healthcare organizations. In this method, people receive a smart card to access a device or account. However, this creates a single point of failure that can cause significant friction if the card is lost, misplaced, forgotten, stolen, or lost. When someone loses access to their card for any reason, they also lose access to all devices and accounts until the card is retrieved or a new card is produced.

Device Trust

This passwordless solution sends a push notification to a recognized device in order to authenticate a user. In order for this passwordless solution to work, a recognized user already has to be logged in and confirm if the device should be trusted. These limitations can cause significant friction as the user needs to wait until someone else authenticates them. It also poses a security risk if an untrustworthy device is authenticated on accident.

Magic Links and OTPs

This method usually involves the allocation of a One-Time Password, whether the user sees it or not. The user either gets a combination of characters they have to type in or a sign-in link sent to their inbox or as a text message. Both of these methods create friction as the user needs to type in a long string of random characters causing more friction than a normal password or dig out a link from an oftentimes overfilled inbox.

Multi-factor

Also known as two-factor authentication, it combines several passwordless authentication methods to increase the user’s level of security. While this method does improve security, it creates a burden on the user as they need to authenticate their account every time they log in.

While each of these four passwordless solutions tends to increase overall security, it comes at the cost of a worse user experience.

The Future of Passwordless: Removing UX Friction with Biometric Authentication

Biometric authentication uses device built-in fingerprint scanners, face scanners, or retinal scanners to quickly and seamlessly authenticate a user. Today’s most advanced passwordless solutions leverage it to create a quick, encrypted key pairing and challenging process according to the FIDO2 protocol. This tenchnology is shortly referred to as FIDO WebAuthN.  

This authentication method completely eliminates the need for usernames, passwords, and also any other form of shared secrets or MFAs. This significantly reduces friction, operating costs, and attack surfaces while also improving the user experience for registration, authentication and account recovery. 

This form of authentication also offers the highest level of security in terms of both other passwordless solutions and a basic username and password log-in: It builds on a private key – a mathematical representation of the user’s biometric data – that is stored in the user’s device and is never shared with any application or service. 

Learn all about how it works along the identity lifecycle on our latest eBook: Login Unlock: Biometric PAsswordless Authentication with FIDO2 Certified WebAuthN.

To further improve UX, biometric authentication offers complete cross-channel access. This enables a user to easily log into their account regardless of the device, location, or any other factor with ease. As the number of channels consumers interact with brands continues to increase, cross-channel access will only become increasingly important.

Conclusion

In summation, forecasting how Gen Z will become a huge part of global workforce and revenue soon, preparing and tailoring security and accessibility will make revenue in the future.

Applying this passwordless system will bring huge benefits, so being future proof for them to also aid you in terms of security due to passwords methods being absolute make them an important matter for today.

At GlobalDots, we invest significant time and resources testing this category’s most cutting-edge vendors. With our expert insight, we pinpoint the best passwordless authentication provider for your business use case for you to prepare your business and be future-proof.

A world leader in implementing B2B cloud and web innovation, we have helped over 1,000 business clients integrate enterprise-grade security solutions. Our team considers compatibility and integration depending on your architecture, headcount, and industry. Using a seasoned and certified integration partner like GlobalDots, you earn complete peace of mind that the implemented solution is bespoke to your unique business needs.

Contact us today for an easy adoption of all the latest web & cloud innovation – from Passwordless and beyond.

Read More

GlobalDots Partners With Transmit to Make Passwords Extinct
Identity & Access Management (IAM)
Admin Globaldots 08.09.22

As we rely more and more on online services, managing passwords becomes increasingly challenging. Compromised passwords lead to account takeovers, which pose existential threats to customer-facing businesses. Account takeovers led to an estimated $11.4 billion in losses in 2021, caused mostly by compromised passwords. GlobalDots, a cloud innovation leader, partners with Transmit Security, a leading […]

Read more
How To Implement Passwordless Authentication: A Step by Step Guide
Identity & Access Management (IAM)
Miguel Fersen, Senior Cloud Consultant @ GlobalDots 27.07.22

Login details are criminals’ favorite type of data, as they allow complete impersonation of a legitimate user on your system. By successfully compromising an account, an attacker becomes a wolf in sheep’s clothing, appearing completely innocuous until they launch their attack.  One of the most common consequences of cracked credentials is a data breach, the […]

Read more
slider item
Identity & Access Management (IAM)
Dror Arie, Senior Solutions Architect @ GlobalDots 06.06.22

While ransomware, securing the cloud, and sprawling IoT vulnerabilities are keeping our CISO’s up at night, credential phishing is a consistent threat, plaguing their employees. Credential Phishing is the practice of stealing user ID/email address and password combinations, by masquerading as a reputable or known entity or person in email, instant message, or another communication […]

Read more
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo