In this month’s webinar, Colin took a deep dive into passwordless authentication, discussing what it is, why it’s more secure and how it can benefit your organization beyond just enhancing security.

In the literal sense, passwordless authentication is any form of authentication that does not require a password. This can take many forms, from no password whatsoever, such as entering just a user ID, to more secure options such as PINs or biometric methods. In this webinar, we focused more specifically on robust forms of passwordless authentication that are more secure than traditional passwords.

Traditional passwords are vulnerable to various attacks that can happen from anywhere worldwide, potentially on multiple devices at one time. A common attack method is brute force, in which a simple computer program can be written that loops through all the options for a password, trying all the password options available, and eventually, it will be correct. Further, users are often required to make “complex” passwords for many accounts, leading to two potential issues:

1. Users will save all their passwords in a central location, so if that is breached, all the user’s passwords will be leaked.
2. Over 65% of people admit to reusing passwords across different accounts, thus, if one password is found, hackers will often try using the same password on different accounts.

Users may also be vulnerable to phishing campaigns, which oftentimes involve trying to get users to share their passwords.

This is where passwordless authentication comes in. The methods that will be discussed all require physical access to a device, often your phone. For example, biometric authentication requires both physical access to the device and either your face or fingerprint—both difficult for an attacker to obtain undetected. Without a password, hackers can’t use brute force attacks, there’s no central location to store passwords, and reusing passwords across accounts isn’t possible. Furthermore, passwordless systems protect against phishing attempts, as there’s no password to steal.

Research has shown that around 80% of security breaches involve a compromised password, so passwordless authentication significantly reduces the risk to your organization. Further, at Fortune 500 companies, users spend an average of 11 hours per year managing their passwords, whether that be searching for the account, creating passwords, resetting passwords, etc. By taking away the need for password management, this time could easily be repurposed into something significantly more productive. A Forrester study found that each password reset costs an average of $70, factoring in employee time and service desk costs. Gartner estimates that 30-50% of help desk tickets are related to passwords, making passwordless authentication a clear choice for efficiency and cost reduction.

Colin demonstrated how to use passwordless authentication with Microsoft Authenticator. Watching the video demonstration is the best way to see it in action.

Join us for our next webinar, Modernizing Professional Development Tracking at McMaster University, on Thursday, November 21, at 2 pm EST. Click this link to register now.