The good, the good-old and the biometric: 5 Passwordless options compared
Passwords are obsolete.
Memorizing long, complicated passwords has held businesses back for over 50 years, while attacks keep evolving. ¹ Google had registered over 2 million phishing sites as of January 2021, up from 1.7 million in January 2020, a 27% year-on-year increase. ² On top of that, the Verizon 2021 Data Breach Investigations Report found that 61% of breaches involved compromised credentials.
Now, with remote work the new norm for many professionals, and with both small companies and international corporations hiring talent from around the globe, demand is growing for platforms and software that simplify the login process while strengthening enterprise security. Many of these solutions promise to free organizations from passwords and their rising total cost of ownership altogether. This June alone, Transmit Security announced a $543 million Series A. Transmit’s app-less biometric authenticator, BindID, uses the device’s built-in face or fingerprint scanner.
But is Transmit’s solution all that special? Let’s have a closer look at the passwordless trend and its different interpretations.
Passwordless Authentication Methods Today
Passwordless authentication is certainly a step forward in enterprise security and can help safeguard sensitive data from cyberattacks.
The main benefits of a passwordless authentication process are evident:
- Time is money in business, and passwordless authentication removes the time users (and the IT team) spend resetting passwords. According to recent data, entering or resetting passwords costs the average company $5,217,456 a year in labor. ¹ Going passwordless therefore has a considerable bottom-line impact.
- High staff turnover consumes a considerable amount of a business’s time and resources, especially around provisioning and deprovisioning accounts and passwords. Passwordless authentication is usually more efficient and more secure, and far less demanding on the IT department.
- Passwordless authentication removes the shared secret that phishing, credential stuffing and leaked databases feed on, and there is no password for a former employee to keep. Not every passwordless method is equally resistant, though: codes and links delivered by SMS or e-mail can still be phished or relayed in real time, while public-key methods such as FIDO2/WebAuthn and smart cards bind the login to the site and the device and sit at the phishing-resistant end of the spectrum.
So, what are the different types of passwordless authentication available for implementation today?
- Biometric authentication – Fingerprint, face or retina scanners let an employee prove who they are without typing anything. Where the biometric template is stored matters: the sensors built into current phones and laptops keep it in the device’s secure hardware and use it only to unlock a local credential, whereas a central database of biometric templates is a high-value target that needs encryption and tight access control, because a leaked fingerprint cannot be rotated like a password. Best suited to organizations that prioritize employees’ time and convenience and whose fleet of smartphones and laptops already has the sensors; a natural fit for fast-growing tech companies.
- PIV/smart-card authentication – A long-running approach in healthcare and in governments worldwide: the employee’s private key lives on a PIN-protected smart card, which must be present to log in to the device and its applications. The key is designed to be non-exportable, so cloning a card is hard, but cards can be lost, misplaced, forgotten or stolen, and a stolen card together with an observed PIN is enough to impersonate the holder.
- Device trust – A passwordless login method for desktop and mobile devices, usually driven by a push notification to an authenticator app: a user who is already signed in decides whether to trust the device attempting to sign in. The weak point is the human approval. A distracted user who taps Approve without checking the device and location shown in the prompt lets an attacker in, so prompts need to carry that context, and a burst of unexpected prompts is a warning sign rather than something to dismiss.
- Magic links and one-time passcodes – The service generates a random one-time secret and delivers it as a short code or a sign-in link by e-mail or SMS. Codes and links should expire after a few minutes and be invalidated on first use. That limits, but does not remove, the exposure if the mailbox or phone number is compromised: whoever reads the inbox or receives the SMS (for example after a SIM swap) can log in within the window, and a user can still be talked into typing the code into a look-alike site.
- Multi-factor – Two-factor authentication is the common special case. It combines two or more independent factors, none of which has to be a password: for example a one-time code or magic link sent to your phone or mailbox (something you have) combined with Touch ID (something you are). ³
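The expiry and single-use rules described for magic links and one-time passcodes, as an added example in Go (not code from the article or from any vendor it names). It keeps one outstanding secret per user in an in-memory map standing in for a database, stores only a hash of the secret, consumes it on first use, and, because a six-digit code has only a million possible values, revokes it after five wrong guesses. The user names, the five-guess limit and the injectable clock are assumptions made for the demonstration.

```go
// Single-use, short-lived login secrets (magic-link tokens and numeric OTPs).
// Added example for this article; not code from the article or any vendor it names.
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

const maxAttempts = 5 // guesses allowed per issued code (assumed limit); 6 digits give only 10^6 values

var (
	ErrInvalid = errors.New("no valid code for this user, or wrong code")
	ErrExpired = errors.New("code expired")
	ErrLocked  = errors.New("too many wrong guesses; code revoked")
)

type entry struct {
	hash     [32]byte // only the hash is kept, so a dumped table yields no usable links
	expires  time.Time
	attempts int
}

// Store holds at most one outstanding secret per user. Now is injectable so the
// expiry path can be exercised without sleeping (a convenience for this demo).
type Store struct {
	mu      sync.Mutex
	pending map[string]entry
	Now     func() time.Time
}

func NewStore() *Store { return &Store{pending: map[string]entry{}, Now: time.Now} }

func (s *Store) remember(user, secret string, ttl time.Duration) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[user] = entry{hash: sha256.Sum256([]byte(secret)), expires: s.Now().Add(ttl)}
}

// IssueLink returns a 256-bit URL-safe token to embed in a magic link.
func (s *Store) IssueLink(user string, ttl time.Duration) string {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // a failing CSPRNG must not fall back to anything weaker
	}
	tok := base64.RawURLEncoding.EncodeToString(raw)
	s.remember(user, tok, ttl)
	return tok
}

// IssueCode returns a uniformly random 6-digit code for SMS or e-mail delivery.
func (s *Store) IssueCode(user string, ttl time.Duration) string {
	n, err := rand.Int(rand.Reader, big.NewInt(1_000_000))
	if err != nil {
		panic(err)
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.remember(user, code, ttl)
	return code
}

// Redeem checks a submitted secret. Expired or matched entries are deleted, so a
// link or code works at most once; wrong guesses are counted so a short numeric
// code cannot be brute-forced inside its window.
func (s *Store) Redeem(user, secret string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.pending[user]
	if !ok {
		return ErrInvalid
	}
	if s.Now().After(e.expires) {
		delete(s.pending, user)
		return ErrExpired
	}
	got := sha256.Sum256([]byte(secret))
	if subtle.ConstantTimeCompare(got[:], e.hash[:]) != 1 {
		e.attempts++
		if e.attempts >= maxAttempts {
			delete(s.pending, user)
			return ErrLocked
		}
		s.pending[user] = e
		return ErrInvalid
	}
	delete(s.pending, user) // single use
	return nil
}

func main() {
	s := NewStore()
	link := s.IssueLink("alice@example.com", 10*time.Minute) // constructed sample identity
	fmt.Println("first use:", s.Redeem("alice@example.com", link))
	fmt.Println("replay:", s.Redeem("alice@example.com", link))
	code := s.IssueCode("bob@example.com", 5*time.Minute)
	for i := 0; i < maxAttempts; i++ {
		fmt.Println("wrong guess:", s.Redeem("bob@example.com", "not-a-code"))
	}
	fmt.Println("real code after lockout:", s.Redeem("bob@example.com", code))
}
```

Run it with `go run`: the first use of the link succeeds, the replay is rejected, the fifth wrong guess revokes the code and the genuine code is refused afterwards. In production the map becomes a table with a TTL index, and delivery (SMTP or an SMS gateway) is a separate concern from issuance and verification.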
Empowering Your IAM Solution with a Passwordless Authenticator
One of today’s most advanced IAM platforms (also in terms of integration catalogue and workflow automation) is Okta. With Okta’s integrated Single Sign-On and Adaptive Multi-Factor Authentication, organizations can evaluate risk from context: user, location, device and network. High-risk login attempts can be blocked or required to present one or more strong authentication factors, none of which needs to be a password. Managed, secure and compliant devices sign in directly, unknown or unregistered devices are stepped up to multi-factor authentication, and a device on which malware is detected is denied further sign-ins.
Okta also offers FastPass to improve the user experience, ideal for companies that hire freelancers, contractors and remote workers. Users can sign in on any device, reducing the frustration and time spent resetting or changing passwords. FastPass will be available soon and will further enrich Okta’s passwordless offering. Read more about it in our new eBook: Move Beyond Passwords.
Now, let’s review the top vendors that already integrate with Okta to create a passwordless MFA+SSO experience.
HYPR
Use HYPR to turn a smartphone into a FIDO token. FIDO-certified, HYPR offers a platform built on public-key cryptography and open authentication standards. Backed by Samsung, Mastercard and Comcast, it helps businesses reduce phishing and fraud. HYPR also replaces fragmented identity infrastructure, unifying all of your remote login experiences so companies can protect themselves online while permitting remote work.
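Why a FIDO credential resists the phishing that defeats codes and links, as an added example in Go that is not HYPR’s code and not a FIDO library. It is a simplified model of a WebAuthn assertion: the authenticator signs the relying party’s challenge together with the origin the browser actually loaded and a hash of the RP ID, and the server checks all three before trusting the signature. Ed25519 stands in for the ECDSA P-256 most authenticators use, the names corp.example, c0rp.example and alice are constructed, and a real authenticator would refuse outright to produce an assertion for an RP ID it holds no credential for; the model lets it sign so that the server-side rejection is visible.

```go
// Simplified model of a FIDO2/WebAuthn login and the relying-party checks that defeat a
// relayed challenge. Added example for this article; not HYPR's code or a FIDO library.
// Ed25519 is used for brevity; real authenticators commonly use ECDSA P-256.
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is assembled by the browser, not by the page's script: it carries the
// server's challenge and the origin of the page that requested the assertion.
type ClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is the authenticator's signed response.
type Assertion struct {
	AuthData   []byte // starts with SHA-256(RP ID); real WebAuthn adds flags and a counter
	ClientData []byte // JSON-encoded ClientData
	Signature  []byte // over AuthData || SHA-256(ClientData)
}

// RelyingParty is the server: its own RP ID and origin, the registered public keys,
// and the challenges it has issued but not yet seen back (in-memory for the demo).
type RelyingParty struct {
	RPID, Origin string
	creds        map[string]ed25519.PublicKey
	challenges   map[string]string // challenge -> user it was issued to
}

var (
	ErrChallenge = errors.New("unknown or already used challenge")
	ErrOrigin    = errors.New("assertion was produced on a different origin")
	ErrRPID      = errors.New("assertion is scoped to a different RP ID")
	ErrSignature = errors.New("signature does not verify under the registered key")
)

func NewRelyingParty(rpID, origin string) *RelyingParty {
	return &RelyingParty{RPID: rpID, Origin: origin, creds: map[string]ed25519.PublicKey{}, challenges: map[string]string{}}
}

// Register stores only the public key; the private key never leaves the authenticator.
func (rp *RelyingParty) Register(user string, pub ed25519.PublicKey) { rp.creds[user] = pub }

// Challenge hands out a fresh 256-bit random challenge bound to the requesting user.
func (rp *RelyingParty) Challenge(user string) string {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	c := base64.RawURLEncoding.EncodeToString(raw)
	rp.challenges[c] = user
	return c
}

// Verify performs the relying-party checks: the challenge is outstanding and is
// consumed, the origin and RP ID hash are ours, and the signature verifies.
func (rp *RelyingParty) Verify(user string, a Assertion) error {
	var cd ClientData
	if err := json.Unmarshal(a.ClientData, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || rp.challenges[cd.Challenge] != user {
		return ErrChallenge
	}
	delete(rp.challenges, cd.Challenge) // single use, whatever the later checks say
	if cd.Origin != rp.Origin {
		return ErrOrigin
	}
	want := sha256.Sum256([]byte(rp.RPID))
	if len(a.AuthData) < 32 || !bytes.Equal(a.AuthData[:32], want[:]) {
		return ErrRPID
	}
	cdHash := sha256.Sum256(a.ClientData)
	pub, ok := rp.creds[user]
	if !ok || !ed25519.Verify(pub, append(append([]byte{}, a.AuthData...), cdHash[:]...), a.Signature) {
		return ErrSignature
	}
	return nil
}

// Authenticate models browser plus authenticator. The browser stamps the origin of the
// page that called navigator.credentials.get() and derives the RP ID from it, so a
// look-alike domain cannot claim the real site's origin or RP ID.
func Authenticate(priv ed25519.PrivateKey, pageOrigin, rpID, challenge string) Assertion {
	cd, _ := json.Marshal(ClientData{Type: "webauthn.get", Challenge: challenge, Origin: pageOrigin})
	rpHash, cdHash := sha256.Sum256([]byte(rpID)), sha256.Sum256(cd)
	sig := ed25519.Sign(priv, append(append([]byte{}, rpHash[:]...), cdHash[:]...))
	return Assertion{AuthData: rpHash[:], ClientData: cd, Signature: sig}
}

func main() {
	rp := NewRelyingParty("corp.example", "https://corp.example") // constructed names
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rp.Register("alice", pub)
	c := rp.Challenge("alice")
	fmt.Println("real site:", rp.Verify("alice", Authenticate(priv, "https://corp.example", "corp.example", c)))
	// Phishing relay: the attacker forwards the genuine challenge to the victim on a
	// look-alike domain; the browser stamps that domain into the assertion.
	c = rp.Challenge("alice")
	fmt.Println("look-alike:", rp.Verify("alice", Authenticate(priv, "https://c0rp.example", "c0rp.example", c)))
}
```

The contrast with a one-time code is the point: a code typed into c0rp.example is just a string the attacker forwards, whereas the assertion carries the origin the browser saw, so relaying the real challenge through a look-alike site produces a signature the server rejects.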
Veridium
Veridium uses biometrics such as face and fingerprint recognition to permit or deny user access. An MFA-backed solution, it lets users authenticate to applications and approve transactions securely at scale. Used in financial services, healthcare and government, it supports rigorous security controls and demanding compliance requirements.
Secret Double Octopus
Secret Double Octopus offers user-friendly MFA that can be deployed in both cloud-native and legacy environments. Instead of entering a password, users approve an authentication request delivered as a cryptographically secured push notification to their mobile authenticator app, or use a FIDO2-compliant authenticator. Requiring a biometric to unlock the authenticator itself turns this into passwordless MFA: the phone (something you have) plus the fingerprint or face (something you are). It integrates with a wide range of apps, including Okta, Slack, HubSpot, DigitalOcean, Salesforce and WordPress, which makes it a good fit for technology and eCommerce businesses.
Given the weaknesses identified in each of today’s passwordless authentication methods, does the future of cyber security promise a higher level of security that will empower businesses and employees?
Well, the security industry is largely reactive to attacks, and there are plenty of new and innovative vendors offering passwordless alternatives. The problem is that analyzing each offer and deciding whether it fits your business model takes time, and choosing badly in a world where passwords are becoming obsolete puts your business at risk.
With so many options available, it can feel daunting to evaluate every passwordless authentication provider on your own. At GlobalDots, we invest significant time and resources in testing this category’s most cutting-edge vendors. With our expert insight, we pinpoint the best passwordless authentication provider for your business use case, so you no longer need to take on the quest for enterprise security alone.
A world leader in implementing B2B cloud and web innovation, we have helped over 500 business clients integrate enterprise-grade security solutions. Our team considers compatibility and integration depending on your architecture, headcount, and industry. By using a seasoned and certified integration partner like GlobalDots, you earn complete peace of mind that the implemented solution is bespoke to your unique business needs.
Upgrade your level of cloud security by introducing passwordless authentication and integrating today’s most potent IAM platforms.