Gerald Beuchelt, CISO at LogMeIn, looks to the future of cybersecurity and proposes that workplaces will be passwordless soon enough
This year has shaped up to be one of the most challenging for many organisations worldwide. With a pandemic driving a large-scale transition to remote work, and cybercriminal activity taking advantage of the situation, online security is in the spotlight. Recent research found that 67% of breaches are caused by credential theft and social engineering attacks that capitalise on moments in time like COVID-19. And today’s IT teams are spending an average of six hours a week on password-related issues alone – an increase of 25% from 2019. With these mounting frustrations from both IT and users, as well as growing risks, the question becomes: why do we keep relying on passwords?
An ingrained love of passwords
Passwords have been a reality of daily life for as long as we can remember. They continue to be the easiest and most used form of authentication at both the business and personal levels. Yet they also continue to be one of the major drivers of vulnerabilities, and with a workforce that is operating remotely for the foreseeable future, it is paramount to find a solution that reduces risk.
In our most recent LastPass report, “From Passwords to Passwordless,” we found that password security is one of the main sources of frustration for the IT department, particularly when issues stem from user behaviours like password reuse. For employees, the top frustrations relate to convenience, such as changing passwords regularly, remembering multiple passwords and typing long, complex passwords. There is a clear disconnect between the security priorities of IT and the user experience demands of employees. So, what can be done to alleviate the password problem?
Despite questions around the future of the password, 85% of IT professionals surveyed do not think passwords are going away completely. Yet, over 92% believe that delivering a passwordless experience for end-users is the future for their organisation. The answer to the password predicament is simple: rather than eliminate passwords completely – change the way we interact with them. This is where passwordless authentication comes in.
How would passwordless logins work?
A passwordless login experience means that while passwords may still exist in the IT infrastructure, the employee will not have to manually enter a password during their login. It brings several benefits, such as reduced IT costs by eliminating password-related risks, increased productivity amongst employees as they save time on remembering and/or changing passwords, and stronger security by guarding every access point with more secure forms of authentication. However, moving to a passwordless approach requires choosing and implementing the technology that fits your organisation’s needs. Some of the methods to choose from are:
Implementing single sign-on (SSO) can help secure and simplify managing access no matter where employees are located. Through a protocol – such as Security Assertion Markup Language (SAML) – SSO establishes a secure line between an identity provider and a service provider, meaning it creates a link between where IT manages employees’ access information and the application users want to log in to. SSO allows employees to reduce the number of passwords they must remember or update, boosting their productivity and minimising the risks associated with credentials.
Enabling multifactor authentication (MFA) provides IT teams with the tools to manage access at the level of the individual user, defined groups or even job role. MFA considers a multitude of factors such as location, IP address or biometrics (face ID) versus only one factor – such as a password – prior to granting access to an application. By prompting a user for additional information when logging in, IT can be confident that the person requesting access is indeed who they say they are. It also streamlines the process for the end user, who will have a faster and easier login experience.
What should workplaces do next?
Organisations and users alike should keep in mind that passwords will still be in use for a long time. Combining a passwordless login experience with a password manager will be the best way to secure all access points while delivering a seamless login experience.
As we continue to navigate a “work from anywhere” world, many elements are outside IT teams’ control. From users’ devices and Wi-Fi connections to the apps and websites they frequent, remote work has increased the risks and the variables that need to be considered. Is your organisation ready to go passwordless? Start examining the best way to implement a seamless, streamlined and secure way for employees to log into all their work, no matter where they are located – today.