
What Is Passwordless Authentication and Why Is Everyone Talking About It?


Countless cybersecurity awareness training sessions have been dedicated to passwords over the years. Their typical objective is to keep employees from using passwords that are too weak, sharing them with their colleagues, and storing them in an unsecured manner.  

But after everything that has been said and written about password security, a growing number of cybersecurity experts are now saying that the era of the password is over.

The alternative they advocate is called passwordless authentication, and this article explores what it is and why all SMBs should pay attention to it.

What Is Passwordless Authentication?

The term passwordless authentication can be used to describe any authentication method in which a user can access protected resources without entering a password.

Instead of traditional passwords, passwordless authentication solutions rely on the following authentication factors:

One-Time Codes (OTC):

Typically provided via text messages or smartphone apps, OTCs are short numerical or alphanumerical codes that are valid only for a limited time and can be used just once.

Biometrics:

From fingerprints to retinal scans to face or voice recognition, there are many biometric identifiers that can be used instead of traditional passwords.

Magic Links:

So-called magic links are special one-time password authentication links that are delivered via email or instant messaging apps to users who request access to protected resources.

Push Notifications:

Login requests can also be authenticated using push notifications delivered to employees’ mobile devices. Push notifications are convenient because no additional actions are needed to access them.

Hardware Tokens:

Various USB, Bluetooth, or NFC hardware tokens can serve as physical barriers between cybercriminals and any data they find valuable.

Each of the above-described authentication factors has its advantages and disadvantages (ease of use, implementation cost, etc.), and any organization that decides to go passwordless should carefully evaluate them while keeping in mind its own unique needs and priorities.
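The two properties that define the one-time codes and magic links described above, a limited validity window and single use, have to be enforced on the server side. The following is an added example, not code from the original article; the class name, the 10-minute lifetime, and the sample addresses are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class OneTimeTokenStore:
    """Issues tokens that expire after ttl_seconds and can be redeemed once."""

    def __init__(self, ttl_seconds=600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}  # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked store does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user, self.clock() + self.ttl)
        return token  # this value goes into the emailed link or message

    def redeem(self, token):
        """Return the user for a valid token, or None. Consumes the token."""
        # pop() removes the entry on first presentation, so a replay finds nothing.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() > expires_at:
            return None  # presented after the validity window closed
        return user


def demo():
    now = [1_000.0]  # constructed clock so expiry can be shown without waiting
    store = OneTimeTokenStore(ttl_seconds=600, clock=lambda: now[0])
    link_token = store.issue("alice@example.com")
    first = store.redeem(link_token)    # accepted
    replay = store.redeem(link_token)   # rejected: already used
    stale_token = store.issue("bob@example.com")
    now[0] += 601                       # move past the 10-minute lifetime
    expired = store.redeem(stale_token) # rejected: expired
    return first, replay, expired


if __name__ == "__main__":
    print(demo())
```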

MFA vs Passwordless Authentication

Passwordless authentication revolves around the elimination of passwords from the authentication process. But alternative authentication factors are not invulnerable.

For example, cybercriminals use mobile malware and so-called SIM swapping techniques to intercept one-time codes, and there have been many cases of employees getting their hardware tokens stolen. That’s why passwordless authentication is often paired with multi-factor authentication (MFA).

As its name suggests, MFA is an authentication method that adds one or more extra layers of protection by requiring users to provide at least two different authentication factors, such as a hardware token and a one-time code.

That said, most MFA implementations are not passwordless. Instead, they combine traditional passwords with one alternative authentication factor. The reason for this is that organizations still widely rely on legacy systems, many of which don’t support passwordless MFA.

Should Small Businesses Ditch Passwords?

The short answer is: yes, at least eventually.

Passwords represent a major cybersecurity threat because employees still neglect basic password best practices, such as never revealing their passwords to others and not using the same password over and over again.

Passwordless authentication solves this problem by largely removing the human factor from the equation, rendering brute force methods and credential stuffing attacks useless.

Of course, employees can still fall for phishing scams and authorize malicious requests, or their devices can become infected with malware capable of stealing one-time codes, but such threats can be addressed separately.

By ditching passwords, organizations can also boost their productivity because the average person spends 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords.

Start Your Passwordless Authentication Journey

Passwordless authentication is still not as widely supported as most cybersecurity professionals would like it to be.  

For example, Google announced its decision to implement passwordless support for FIDO Sign-in standards in Android and Chrome only this May, and few of the companies SMBs commonly rely on are considerably further ahead.

Still, you can start your passwordless authentication journey today by partnering with a managed service provider who knows what it takes to get rid of passwords and can help you plan for a passwordless future—like us at TechGen.

With us by your side, you can be among the first organizations in your industry to go passwordless and reap the security and productivity benefits associated with the modern authentication method.
