Biometric Adoption is Driving a Passwordless Future

Enterprises are taking steps to move away from passwords and adopt low-friction authentication methods. The payoff? Greater security.

The growth in work from home and hybrid work has challenged IT teams and users. Users expect to work from anywhere, on any device, and IT is often overburdened trying to resolve and simplify access issues. This may spur the move away from password authentication, providing welcome relief to frustrated users and weary IT and network admins.

Passwords represent probably the most prevalent and least satisfying security experience for workers, customers, and anybody else that has to log in to network and computer assets. As the SANS Institute points out, “people are becoming overwhelmed with not only all the different, complex rules on how to use passwords but simply the number they have to manage.”

That leads to less-than-ideal security practices, such as reusing common and easily guessed passwords and writing down passwords where others could view them. Password management also soaks up innumerable hours, as IT and network admins spend time helping users who have forgotten their passwords and locked their accounts after multiple attempts.

Simplifying enterprise security

While it may seem counter-intuitive, fewer passwords and less reliance on them would actually make for more secure devices, enterprise networks, and cloud services.

With more devices and services to log into, particularly given the rise in remote work, some individual users are either relying on non-secure practices such as using the same password for multiple devices and services, or constantly asking call desks to intervene when they get locked out.

To improve the security of passwords, multi-factor authentication (MFA) requires users to provide a second form of recognition to gain access, such as a code, push notification, or biometric technology (such as fingerprint, voice, or retina image) to identify that person.

Moving to low-friction authentication

A recent report from Cisco’s Duo Security confirms that enterprises are taking steps to move away from passwords and adopting low-friction authentication methods to protect the hybrid workforce.

An analysis of data from more than 36 million devices, over 400,000 unique applications and roughly 800 million monthly authentications from across Duo’s global customer base found that Duo MFA authentications increased 39% in the past year, while biometric authentications grew even faster at 48%.

“Some authentication methods are simply more user-friendly than others,” the Duo Trusted Access Report notes. “Remembering hundreds of passwords that are 20+ characters long can be daunting. A password manager application can go a long way in helping to simplify that process, but MFA or biometric security can help even more.”

Authentication utilizing a method such as WebAuthn eliminates the need for users to retain a large cache of authentication passwords by acting as both the first and second factor. Duo has observed a five-fold increase in WebAuthn since its introduction as an open standard by the World Wide Web Consortium (W3C) in April 2019. WebAuthn enables biometrics to be securely stored and validated locally on the device, as opposed to a centralized database.

Most users already carry the required hardware for passwordless authentication in their pockets – biometrics were enabled on more than 71% of Duo customer mobile phones. Given this ready access to the required tools, Duo also found that more than half of organizations are planning to implement a passwordless strategy.

User-friendly payoff

A passwordless future is closer than ever, and the payoff for organizations is that leveraging more user-friendly authentication leads to greater security.

“We’ve now reached the point where the user experience is a security control in and of itself,” said Dave Lewis, Global Advisory CISO at Cisco. “Enterprises are moving toward new, more effective ways of handling access control and seeing in action how democratizing security can go a long way in enabling hybrid workers to focus on their core competencies without sacrificing security.”

Duo is part of Cisco’s industry-leading zero trust solution, securing access for any user, from any device to any IT application or environment.

To learn more about the road to a passwordless future, visit duo.sc/pwless-info.

Copyright © 2021 IDG Communications, Inc.