The drive to digital has made us all susceptible to new security risks as cybercriminals look to capitalise on the situation. 2019 was a record-breaking year for the number of breaches resulting in exposed records, and the recent cyberattacks on multinational companies including Kylie Cosmetics and Blackbaud suggest this is a trend which is here to stay.
Recent lockdown announcements mean it’s likely that widespread remote work will continue to be the norm for the foreseeable future. With so many of us connecting to home WiFi connections and using personal devices for work, workplace security risks have never been higher. It’s therefore crucial that employees are protected from groups looking to take advantage of the crisis – and this calls for a shift in the way organisations approach authentication.
Revisiting approaches to authentication
Under current circumstances, improving enterprise security is mission critical. Our recent research revealed just 18% of businesses say their current security solution is fully secure. The most likely causes of potential threats are human behaviours and, with 92% of Brits admitting to password reuse at home and at work even amid a rising number of data breaches, it’s easy to see why. The amount of time that IT and security teams spend managing users’ password and login information has increased 25% since 2019.
These contrasting figures paint a picture of a complex security landscape, and clearly something needs to be done before it’s too late. With 85% of IT and security professionals agreeing that organisations must reduce the number of passwords being used on a daily basis, does this mean the end of the humble password?
The future is bright for biometrics
Biometrics has emerged as a key contender in the future of authentication. Biometric authentication relies on the biological characteristics of an individual to verify they are who they say they are. Common types include fingerprint scanners, facial recognition, voice identification and eye scanners. Its increased use is being driven by convenience and a reliance on hard-to-fake individual biological traits.
Formerly seen as a staple in every spy movie, biometric authentication is now an accepted part of the security landscape. And its use is on the rise, with 65% of consumers trusting fingerprint or facial recognition over traditional text-based passwords. This increasing comfort is likely down to frequent use of mobile devices and paints a picture of a changing tide in consumer security approaches.
But that’s not to say text-based passwords will disappear completely. While biometrics help to overcome the problem of users forgetting login credentials, they should be seen as more of a validation technique than an access method.
Passwordless authentication as a solution
When used properly, text-based passwords are more than effective as a secure means of authentication. Passwords have always been the foundation of authentication and there’s no reason why this shouldn’t continue. However, they should be used in conjunction with additional solutions to cancel out the risk of poor security practices.
Here, there are varying ways organisations can bolster passwords to strengthen their security infrastructure. Passwordless authentication, for example, enables users to log in to devices and applications without the need to type in a password, streamlining the experience while still maintaining high levels of security.
Biometric authentication, single sign-on (SSO) and federated identity all serve as cornerstones of passwordless authentication technologies, but none of them will directly replace passwords. Instead, passwords will continue to be used in some way throughout the business and will need to be managed securely and efficiently. It’s therefore critical that, alongside the implementation of a passwordless authentication model, a simple and efficient password management solution is put in place.
Making passwords more secure
As our personal devices continue to bring biometrics into our everyday lives, it’s hardly surprising that people see it as the future of authentication. However, text-based passwords are more than capable of being a means of securing our information. The problems arise when individual password hygiene and security behaviour slip, putting organisations at risk in the process.
We’re unlikely to see the number of data breaches decline in the near future, and the reality is that password reuse will remain a fatal flaw leading to an attack. Organisations must put the focus on security awareness and fight back against the mentality of not being a risk. Beyond this, businesses can bolster themselves with enterprise tools to keep hackers at bay. Here, passwordless provides organisations with a highly intuitive and secure method of authentication – ultimately helping to make employees’ lives easier while improving security in a turbulent landscape.
By Barry McMahon, Senior Manager of Identity and Access Management, LastPass by LogMeIn