Passwords have been the mainstay of security and authentication for decades. Most users have an average of 20-30 logins for different sites and almost all of them require the use of a password. With all the innovation and new tech these days, especially at our fingertips via our smartphones, we should have phased out passwords by now. Yet companies are instead releasing new technology to manage passwords and repeating the same age-old advice about making passwords “stronger” after breaches.
Most of us can agree a world without passwords is easier and more secure. So, what’s holding us back? Let’s look at the reasons why many companies are holding on to this truly archaic and insecure method of authentication:
For business, change usually comes at a cost – and it’s often the number one reason why we don’t see more companies investing in different security methods. Password-based authentication is essentially a free method that comes built into most systems. Some businesses like banks, insurance companies and retailers are willing and able to invest in more secure password-based authentication solutions. However, when you look at the cost associated with these methods it’s no surprise why more businesses don’t adopt them. Take SMS-OTP for example. A business must pay a price every time it sends a user a one-time password via short message service. With multiple users logging in multiple times, this can add up quickly. Moreover, users often tire of the SMS-OTP process and avoid logging in altogether-resulting in lost revenue. The savings over SMS-OTP solutions and increased security with a passwordless authentication system is worth evaluating.
Most CMO’s are leery of introducing change to their online community. We’ve all seen something as simple as a new font color cause a public outcry. According to Justin Misfud, founder of Usability Geek, “88% of consumers are less likely to return to a site after a bad experience.” Logging in is typically the first step of that experience, so it’s understandable why CMOs, CTOs and CSOs fear users would find alternate methods of authentication is too cumbersome. But their perception is wrong – according to a recent study 28% of shoppers attributed their cart abandonment to having to log in or create an account on a retailer’s website. The reality is there are easier authentication tools out there that can actually improve the user experience. By eliminating typing, in addition to making use of mobile tap, swipe and scan capabilities, application developers can design applications with both simple and secure authentication methods built right in. This can improve customer experience drastically.
According to Gartner‘s 2019-2020 CMO Spend Report, CMO’s are outspending CIO’s in technology. CMO’s have the expertise to maximize the user experience but may not be using the latest and greatest technology. CIO’s and CISO’s have the expertise to secure the organization. If there was more teamwork between CMOs and CIOs/CISOs, and each were tasked with improving the user experience and securing the enterprise, you would see increased innovation when it comes to security and authentication. Technological innovation must take into account security, customer experience, employees and customers. By bringing together key decision makers in the organization that impact can truly be felt.
Why passwords have to go
Passwords have become more of a liability than the security asset they were intended to be. Businesses don’t like paying to secure them, users don’t like creating them, but above all, they’re just too easy for hackers to steal. Centralized identity credential vaults are at the top of the list for hackers to breach.
It’s time for companies to seriously weigh the problems that passwords create for themselves and their users against the benefits they provide. There are passwordless technologies emerging and given the benefits and cost savings, they can be affordable. For every user out there, authentication should be simple and secure.