Ben Goodman, who is the SVP of Global Business and Corporate Development of ForgeRock, believes that passwords should be a thing of the past. In Goodman’s opinion, we should all be gravitating towards a passwordless future.
This is because threat actors with access to one user’s set of pilfered login credentials can reuse that password and username to infiltrate accounts with much more sensitive data, including financial, healthcare or professional accounts. As a result, Goodman explains, it is not surprising that four out of five global data breaches are caused by weak or stolen passwords (a finding supported by the Economic Times). Moreover, the World Economic Forum has found that the average annual large company spend on password resets is over $1 million.
Expanding on these issues, Goodman explains: “Passwords and usernames have been the primary method for authenticating users for years.” The problem is that as our digital economy expands, people, as they create new accounts, tend to recycle the same passwords. This could be for social media or for a person’s bank account. As well as passwords, the same under-name combination also have a tendency to be re-used. This makes it easier for a hacker to gain access to multiple accounts. Multi-user authentication, says Goodman, is the solution to this very real concern.
He adds that, for companies that can afford to employ as password manager, event here there are dangers since “there is still a password and username combination being used to login to applications, which means it can still be attacked by a bad actor who gains access to the information.”
In terms of remediation, Goodman recommends that “Password challenges can be solved by leveraging technology that provides a passwordless user journey.”
What this means is applying biometrics or push notifications. By introducing these measures, then companies can offer the same level of authentications that “users have experienced on their smartphones with technologies like FaceID from Apple or Samsung’s Ultrasonic Fingerprint scanner. ” In other words, digital touchpoints in businesses can become as secure as technology outside of the enterprise environment.
Goodman concludes his analysis for Digital Journal by stating: “By adopting a passwordless approach, organizations provide users with frictionless, secure digital experiences.”
