{"id":3616,"date":"2023-02-16T11:06:39","date_gmt":"2023-02-16T16:06:39","guid":{"rendered":"https:\/\/www.indigoconsulting.ca\/?p=3616"},"modified":"2024-01-31T18:12:53","modified_gmt":"2024-01-31T23:12:53","slug":"why-passwords-are-on-the-way-out","status":"publish","type":"post","link":"https:\/\/www.indigoconsulting.ca\/fr\/blog\/why-passwords-are-on-the-way-out\/","title":{"rendered":"Is it time to shift to passwordless? Why passwords are on the way out"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\"\"<\/p>

Passwordless authentication has been steadily growing in recent years. New technologies and increased cyber attacks have made IT leaders and consumers more ready to explore the shift to passwordless.<\/span><\/p>

The overall market share of passwordless authentication tools is a strong reflection of the growing push to leave passwords behind. The passwordless authentication market is expected to grow from <\/span>US$12.8 billion in 2021 to US$53 billion by 2023<\/span><\/a>, an impressive CAGR of 16.7%<\/span><\/p>

Additionally, consumers are starting to see how they can stop remembering while maintaining security with passwordless technologies. A recent study found that <\/span>61% of consumers are willing to use non-password login methods,<\/span><\/a> with 45% of respondents indicating they are very comfortable with using non-password methods.<\/span><\/p>

Both IT leaders and consumers have relied on passwords to secure identities for decades, but now it\u2019s possible to leave them behind.\u00a0<\/span><\/p>

Is it time for your organization to shift to passwordless? What exactly does passwordless mean, and what\u2019s involved in shifting to it? Keep reading to learn more about this emerging authentication practice and how your business can put it to work.<\/span><\/p>

What Exactly is Passwordless Authentication?<\/strong><\/span><\/h2>

Passwordless authentication is an umbrella term for any technology or process allowing users to log in with an alternate form factor other than a password. Organizations can choose the best factor authentication for their needs and consumers\u2019 convenience or use several of them.<\/span><\/p>

Identity and Access Management<\/span><\/a> (IAM) is an overarching framework focusing on managing how users or customers access resources and what they can do within them. As a result, passwordless is a <\/span>cornerstone trend shaping the future of IAM<\/span><\/a>.<\/span><\/p>

Passwordless uses a familiar process many users are already familiar with; however, implementation at the IT level can be a challenge. Yet, when done correctly, shifting to this new authentication methodology can provide powerful benefits for both users and enterprises.<\/span><\/p>

Is Passwordless Still Secure?<\/strong><\/span><\/h4>

Let\u2019s take a small step back; why do we even use passwords? They\u2019re a form of authentication to help secure accounts and company resources. <\/span>Authentication is any method that validates a user<\/span><\/a> as the valid owner of the identity they\u2019re attempting to use.<\/span><\/p>

Authentication is all about security; it\u2019s not inherently reliant on passwords. Passwordless uses new technologies and processes to provide the same, or better, security as passwords. Shifting to passwordless also provides customers and employees with a frictionless authentication experience that leaves password resets behind.<\/span><\/p>

Multi-Factor Authentication vs. Passwordless<\/strong><\/span><\/h4>

A common misconception about passwordless authentication is that it\u2019s a new way to describe Multi-Factor Authentication (MFA). However, MFA is a specific authentication practice; it\u2019s not the same as going passwordless. In fact, <\/span>72% of IT leaders indicate passwords<\/span><\/a> are an integral component of their MFA strategies.<\/span><\/p>

MFA is a process of increasing the confidence that a login attempt is being made by an authorized user. Many organizations use MFA as part of their passwordless process, but they\u2019re not equivalents.\u00a0<\/span><\/p>

What Enables Passwordless Authentication?<\/strong><\/span><\/h2>

So what exactly allows enterprises to make passwords a relic of the past? First, let\u2019s explore authentication factors and new technologies behind the shift to passwordless.<\/span><\/p>

Three Overall Authentication Factors<\/strong><\/span><\/h4>

Passwords are only one of the three core categories of authentication factors. These categories cover a range of possibilities and are:<\/span><\/p>

  1. Inherence factors: <\/b>Something inherent to who the user is, such as facial recognition, fingerprinting, voiceprints, or any other biometric that, is a substantial challenge to fake.<\/span><\/li>
  2. Possession factors:<\/b> Something you have, like an RSA key, access to your email address, or your smartphone. While malicious parties can still obtain them, they\u2019re significantly more challenging.<\/span><\/li>
  3. Knowledge factors: <\/b>Something you know, such as passwords, pins, or answers to security questions. These are easier to guess or brute force than other factors.<\/span><\/li><\/ol>

    You can see how the first two factors have only been made possible with recent technology. In the past, knowledge factors were essentially the only option. Now, we have a range of tools at our disposal to improve authentication processes.<\/span><\/p>

    First IDentity Online (FIDO): The Key to Passwordless<\/strong><\/span><\/h4>

    FIDO is a foundational technology behind passwordless authentication factors. Reviewing how the overall process plays out demonstrates how it differs from passwords:<\/span><\/p>

    1. The user follows a prompt to use a FIDO authentication factor, such as a fingerprint reader or second-factor device<\/span><\/li>
    2. The user then unlocks the authenticator, generating a unique public and private key pair<\/span><\/li>
    3. Then, the user logs into the service using the same factor they chose during the initial registration<\/span><\/li>
    4. Lastly, the user\u2019s device varies the public\/private key pairs are a match and logs the user in<\/span><\/li><\/ol>

      It\u2019s worth highlighting that the first step can still be a password rather than another authentication factor. However, many customers and employees are already familiar with this process, so replacing the password with an alternative factor will create a better user experience.<\/span><\/p>

      Additionally, the above process is a general overview and can be modified with additional authentication factors as necessary. To bolster security, you may also consider contextual factors, such as IP address, device, or time of day.<\/span><\/p>

      Specific Types of Passwordless Authentication<\/strong><\/span><\/h4>

      What specific methods for handling the first step in our FIDO process? Passwordless authentication uses either possession or inherent factors, leaving knowledge factors behind.<\/span><\/p>