- Passwords are no longer safe - many organisations are turning to alternative forms of cyber security.
- 56% of IT professionals believe that eliminating passwords would improve the overall cybersecurity of their organisation.
- Cybercrime is set to cost the global economy US$2.9 million every minute in 2020 and approximately 80% of these attacks are password related.
Identity verification is the key to creating a world without passwords and a future without massive data breaches. Many organisations are turning to other forms of cybersecurity as passwords are no longer a safe method of identity verification.
For years passwords have been the preferred way of account identity verification, but managing multiple passwords or continually reusing the same password or having passwords becoming easier to guess, users are now recognising how vulnerable the tactic can be.
According to a recent report by Yubico, 56% of IT professionals believe that eliminating passwords would improve the overall cybersecurity of their organisation, and 54% believe that eliminating passwords would also improve user convenience.
The problem with traditional passwords
Login credentials get stolen all the time. According to the World Economic Forum, cybercrime is set to cost the global economy US$2.9 million every minute in 2020 and approximately 80% of these attacks are password related.
Password capture and replay is a significant and constant threat to the security of networks. Some infiltration methods include back door attacks, denial-of-service attacks, malware, credential phishing, and credential stuffing.
McAfee conducted a consumer survey and some alarming statistics emerged:
- Respondents said they have an average of 23 online accounts that require passwords, but on average only use 13 passwords for those accounts
- 31% surveyed only use two to three passwords for all their accounts
- 32% say they forget a password once a week
Technology around passwordless verification
Biometrics used for identity verification is powerful because they are extremely difficult to recreate, it requires the physical presence of the individual to authenticate, as well as it can be bound to a specific mobile device or computer. Many smartphones already make use of touch ID or face ID sensors for authentication.
A Veridium survey which polled 200 senior IT administrators from organisations employing at least 500 people or more, had a key finding that 63% of respondents whose companies had endured a data breach were either busy implementing biometric authentication or plan to implement one.
In addition, 65% of IT professionals believe that the use of biometrics would increase security in their organisation, and 52% said a hardware security key would also be a better form of security than a password (Yubico).
With regards to the storing of biometric data, there are methods for biometric authentication that do not require central storage of biometric data which adds another layer of security.
There is a growing need to evolve the intelligence, strength and complexity of the systems that work alongside passwords. Passwords may not be on their way out altogether just yet, but biometrics means that authentication rather than just passwords are the future.
The cost of defending cyber attacks, and the loss of data far outweigh the cost of implementing some form of biometric authentication – organisations are thus urged to consider passwordless authentication as a means to safeguard costs and data.
IQbusiness is independent management consulting firm. Sifiso Skenjana is the Chief Economist and Thought Leadership Executive at IQ Business.