Think of how many passwords you have created in your life. Or maybe think of how many times you have used the same one to three passwords. We try to remember them all, create a saved list in our phone or maybe we even have an app, with a password, to remember all of our passwords. If you’re thinking all these random combinations of your college mascot and the year you were born seems like a crazy way to protect your info, it’s because it is.
Passwords are becoming an extremely outdated method of protection. Cybercrime is on the rise and passwords are one of the biggest vulnerabilities being exploited. If a hacker is able to access just one password, then it is likely that they can gain access to multiple accounts across all platforms that use that password. They are also then able to access the accompanying data linked to those accounts, such as credit card and bank information. This is why we are seeing such a rise in fraudulent charges and other scams using personal data. The lack of protection that passwords are able to provide today has led to the concept and creation of the ability to go passwordless.
Many companies are now encouraging passwordless authentication and encouraging others to adopt this as well in order to relieve the burdens of traditional passwords and allow for much better protection. This allows you to verify your identity and login without the use of a username and password. Most of these methods use a form of multi-factor authentication on a user’s personal device, which uses public-key cryptography to enable secure authentication to the system. This involves using a pair of cryptographic keys: a private key that’s kept secret on the user’s device at the hardware level, and a public key that is stored on the Passwordless Cloud. The login process looks like the user sending an authentication request from their device to the cloud, which is then met with the challenge that needs to be met sent back to the user’s device. Once the user securely verifies their identity, the cloud is notified and authentication is complete, which grants the user access. This process happens extremely fast and without the potential of sending vulnerable data.
Passwordless authentication is now being considered much more secure than password authentication and also a much faster, efficient and cost-effective option. One of the companies using this technology is Hypr, a recent partner of Remedi Security. According to a study by Hypr, “78% of people have forgotten their password and had to reset it in the last 90 days within their personal life and 57% within their work life.” This method removes the burden of remembering passwords, and even worse, having to reset them every time you forget. In the workspace, this would allow IT departments to focus on higher priorities instead of being bogged down with helping employees with account access. It also allows for higher productivity in the workplace since there is no time wasted logging in and out. In the long run, traditional methods of protection can be costly when it comes to staff maintenance, as well as even more costly to remediate when a breach occurs.
Alleviating these costs will also allow room for more profit. Companies will be able to build their reputation as customers see that they have taken steps to be as safe from cyber threats as possible. This positive reputation can bring in new business, while maintaining current business through this improvement in protection. A major area that has been negatively impacted financially from the hassle of passwords is online shopping. There has been a growing number of “cart abandonments” from the frustration of being prompted to login to complete your checkout. Shoppers would rather just not make their purchase than having to take the time to go through the recovery or recreation of a forgotten password. This is where using passwordless protection not only saves businesses money, but also creates more incoming profit.
Overall, Hypr and other companies adopting passwordless authentication are taking steps in the right direction and no longer giving hackers easy access to your valuable data. They see the value in protecting your information, your time and your money. Any “shared secret” such as passwords,PINs, 2-Factor SMS codes and One Time Passwordsleaves you extremely vulnerable and it will likely continue to be an escalating problem in the world of cyber security. At Remedi we want to help you and your company stay up to date on the best ways to protect against cyber threats. If you are interested in any of our services, including the switch to passwordless authentication, please reach out to learn more.