A report published by the World Economic Forum (WEF), in January this year, claims that discarding the use of passwords altogether will be a safer option and lead to more efficiency in business. According to the report, four out of five data breaches occur due to weak passwords that hackers exploit to inflict huge losses on organizations.
It is estimated that USD 2.9 million will be spent globally every minute this year to avert cyber crimes. PINs, passwords, or any knowledge-based authentication method is only a hassle for users to remember but costs a significant amount of money to maintain. Password resets are believed to make up to 50 percent of the IT help desk costs in large businesses. An IT staff spends two-and-a-half months on an average per year just resetting internal passwords, with each reset costing around USD 70.
Password-less authentication should not be misinterpreted as removing all security protection, but it calls for looking at newer safeguarding methods involving artificial intelligence or machine learning to increase safety and efficiency.
The report, produced in collaboration with the FIDO Alliance, which is an open industry association dedicated to reducing the use of passwords, lists five technologies that could be implemented by global companies. They are biometrics, behavior analytics, zero-knowledge proofs, QR codes, and security keys.
“Relying on passwords as the primary means for authentication no longer provides the security of user experience that consumers demand,” said Andrew Shikiar, executive director and chief marketing officer at the FIDO Alliance.
Technological advancements in the field of biometrics and facial recognition software have opened up new avenues of data protection. Bank login credentials are sold on the dark web for less than USD 10, putting not only individuals at risk but causing a huge headache for businesses and even government organizations. A weak password management system is every hacker’s dream, and even a single platform breach has a cascading effect that puts millions of users and interconnected organizations at risk.
Password-less mechanism wards away attack like phishing and credential surfing. Artificial Intelligence-based protection systems do not require the storage or transfer of sensitive user information over the internet, reducing the risk of data breaches. Password-less authentication makes use of both a particular application and the device. Two distinct authentication factors provide better security than the conventional password protection mechanism.
Another advantage of moving to a password-less world is that it provides a better user experience. Artificial Intelligence technology mimics how people recognize each other through physical appearance and reduces the hassle of remembering passwords or typing on a foreign keyboard. The idea is to allow users to complete authentication processes from their own devices.
The WEF report suggests that going password-less is the way forward and will not only cut costs but increase revenue by boosting production and bettering customer ratings. From a strategic angle, it will change the dynamics of competition by harnessing the power of interoperability. It allows digital services to provide novel ways of transacting. The development time is drastically cut down and allows global compatibility and expansion.
Authentication solutions at the present are majorly knowledge-based, and it is probably time to switch to a password-less future keeping in mind the myriad benefits, including lower cost and higher yield. The world of password authentication will continue to develop and diversify but the first step towards a safer data environment will be giving up passwords.