News & Insights
Insights12th June 2019
A World Without Passwords – Moving Towards the Next Generation of Cyber Security
Staying ahead of the curve
The cyber threat landscape is evolving at a rate that companies are struggling to keep up with. The number of cyber crime incidences in Ireland have increased substantially, with 61% of companies reporting a cyber attack in 2016 compared to 44% in 2014. With cyber criminals outspending organisations by 1000%, even more attacks are expected in the future. With all of these factors combined, companies are more vulnerable to cyber attacks than ever before and it is important to stay ahead of the curve when ensuring the security of your network.
In a previous post, we outlined some of the most common cyber-attack tactics. Top of this list was interface-level attacks, such as brute-force and dictionary attacks. While many companies implement strong password policies, research has found that the costs outweigh the benefits of using passwords as a first line of defence. A recent report by Microsoft and Amarach Research produced some worrying findings on the use of passwords in Irish organisations. The most damning statistic shows that only 16% of employees had updated their passwords in the previous 12 months. Looking at this report and the glaring vulnerability of passwords, companies will be asking an obvious question; if not passwords, then what?
With 81% of hacking related breaches using either weak or stolen passwords, IT security trends are moving increasingly towards password-less authentication. In this piece, we will examine the benefits of implementing password-less authentication within your organisation.
What is password-less authentication?
Requiring two or more verification factors to sign-in, password-less authentication is a form of multi-factor authentication that replaces the password with a secure alternative. In the case of Microsoft’s Authenticator App, for example, users add their accounts to the app and enable the phone sign-in feature. To log in to an account, all that the user needs to do is enter the username. Instead of entering a password, the user gets a phone notification prompting approval. At its core, the underlying principle of password-less technologies is to eradicate the use of passwords and thereby drain their value for attackers.
Why move beyond passwords?
We’ve briefly touched on the vulnerabilities of passwords and what password-less technology is. But why should your company begin to move away from password-led technologies? We outline some of the benefits below.
- Security – With the number cyber-attacks on the rise, industry leading organisations are now accelerating their adoption of password-less authentication. As the modern workplace becomes more prominent and companies adopt flexible working options with employees, there is a growing risk that the behaviours of employees will have the unintended consequence of making employers more vulnerable. In the Microsoft commissioned research mentioned above, 56% of respondents work remotely and almost half of these have no restrictions on access to documents when doing so. A separate Microsoft report found that implementing MFA can reduce the risk of being compromised by up to 99.9% and can be one of the most impactful steps in reducing a company’s identity risk. Multi-factor authentication can deliver a higher degree of trust and security for apps, devices and service providers as it removes the need to store passwords.
- Reduced Costs – Making the transition away from passwords is cost effective for organisations, as IT teams can be freed from addressing endless password problems. A report by Forrester found that large organisations spend up to $1 million each year in staffing and infrastructure expenses to handle password resets. This doesn’t include time and productivity lost. With an intuitive sign-in/sign-up experience, help desk costs can be reduced and IT teams can increase productivity.
- Increased Productivity – Providing employees with faster, easier and more convenient ways to sign-in and access work data from anywhere, replacing passwords with Multi-Factor Authentication can improve productivity without high-security risks. With no passwords to create, store or remember, users can sign-in faster to use applications and services.
Simply put, passwords are a liability and the need to move away from them is abundantly clear. However, no change is easy; the successful revolution of password-less technology relies heavily on user acceptance. This may require an awareness drive on how these new technologies enable users to become more secure and productive. With hackers easily able to steal or guess passwords, poor habits of employees can further increase the risks. With MFA, these issues are in the past.
From a technological point of view, reducing the use of passwords and eventually eliminating them can help create a sea change in both security and productivity in organisations.
To take the first step towards more secure authentication, speak to the ActionPoint team today about how you can easily implement Multi-Factor Authentication (MFA) in your organisation.