Traditional authentication using a username and password has been the foundation of digital identity and security for over 50 years. But with the ever-growing number of user accounts, there are a number of new issues: the burden on end users to remember multiple passwords, support costs, and most importantly, the security risks posed by compromised credentials. These new challenges are now outweighing the usefulness of passwords. The case for eliminating passwords from the authentication experience is getting more compelling every day.

Emerging passwordless security standards, elevated consumer and consumer-like experience expectations, and ballooning costs have moved eliminating passwords from a theoretical concept to a real possibility. In this whitepaper, we will explore the case for going passwordless for both customer and employee authentication, and map out steps that organizations can take on their journey to true passwordless authentication.

The quest to move beyond passwords

Understanding the need for passwordless authentication starts with understanding the challenges presented by passwords. The core challenges with passwords can be broken down into the following areas:

  • Poor Account Security
    Passwords have spawned a whole category of security/identity-driven attacks — compromised passwords due to credential breaches, phishing, password spraying attacks, or poor password hygiene can result in account takeover (ATO) attacks. In order to combat these attacks, organizations can start by leveraging an additional authentication layer, i.e., multi-factor authentication (MFA).
  • Poor User Experience
    Passwords are frustrating. Best practices on password choice vary, but at the very least, we know they should be unique and hard to guess but easy to remember. A survey by the University of Oxford predicted that roughly a third of online purchases are abandoned at checkout because people cannot remember their passwords.
  • Increased Costs
    The costs associated with passwords outweigh any benefits of using them. Password management is one of the top reasons why people call call centers. Reducing the support burden imposed by passwords is mission-critical for organizations.

Evaluation of current authentication method

Current authentication methods use factors such as knowledge, possession, or biometric authenticators. Organizations frequently combine one or more factors and behavioral attributes to drive access decisions. The belief is that by having additional layers of security, you lower the odds that an attacker can gain access to a user’s account.

Getting started with passwordless authentication

Moving beyond passwords requires some deep thought. Before organizations decide to eliminate passwords, we recommend a gradual approach by looking at threats, technology, user journeys, costs, adoption friction, and implementation.

Common approaches to going passwordless

Eliminating passwords and going passwordless can be accomplished using a number of different technologies. Approaches such as email magic links leave an encoded OTP token or live link in the body of a secure email, while approaches like WebAuthn leverage public-private key-based cryptography to ensure secure authentication.

Okta offers a number of passwordless approaches. In this section we will look into some of the major approaches to going passwordless.

Planning for a passwordless future

The adoption of passwordless authentication is one of the most impactful steps that can help organizations and services manage a range of security risks and deliver on a seamless customer experience. Organizations are now moving towards the adoption of passwordless authentication. But going passwordless is more likely an evolutionary process than a revolutionary one.

Therefore, as organizations embark on this journey, we leave you with a roadmap with a few simple options before moving towards true passwordless authentication. Going passwordless requires careful thought and planning. Organizations need to think about the entire authentication lifecycle from secure enrollment, migration from passwords, deployability, recovery, and off-boarding. Organizations that understand all aspects and needs will be well positioned to build a passwordless journey to eliminate identity attacks, deliver delightful experiences, and grow their business.

To read the full text, download the whitepaper:
Move Beyond Passwords