Despite Hype, the Password-Free Workplace Is Still a Long Way Off

More than half of organizations are nowhere near ditching passwords, even as cyberattackers continue to have a field day with workers' poor credential choices.

Blue Post-it note stuck to a computer keyboard on which is written: My Password 123456"
Source: designer491 via Alamy Stock Photo

Despite the ever-increasing security risk of using passwords for authentication in the workplace, most organizations are still far from a completely password-free reality, though the slow evolution toward this potential endgame already has begun.

According to the findings of a new surveyreport published by privileged access management (PAM) solution provider Delinea on Nov. 16, passwords are still relevant to the workplace, with more than half of the surveyed group (53%) acknowledging that passwordless technology's use is in a slow state of transition.

"Both enterprises and consumers are increasingly adopting passwordless solutions across various sectors," observes Ricardo Amper, founder and CEO at integrated identity provider Incode. He says the move empowers individuals to take greater control of their data, "especially in response to the ever-evolving landscape of cyber threats."

That may be, but most organizations remain years away from a password-free reality, according to the Delinea study.

Thirty percent of those surveyed acknowledged that their organization already has started this transition, but 36% are still one to two years away from starting to do away with passwords. Twenty-one percent of those polled are even further out — three to four years — from replacing passwords with other types of authentication technology.

The Password Problem

Most agree that with the enormous amount of data stored both in the cloud and on enterprise systems, a move away from using passwords as the only barrier between threat actors and sensitive data is necessary. Even after decades of warnings from security experts to create strong passwords and change passwords frequently, people are still lazy when it comes to password hygiene, which increasingly has exposed enterprise applications and data to threats.

Two recent surveys provide clear evidence of this. One, published by a team with Outpost24, found that even many IT administrators can't be bothered to come up with hard-to-guess passwords. Of 1.8 million pages identified as admin portals, the researchers made the disheartening finding that 40,000 of them used "admin" as its password.

Meanwhile, a study by NordPass released this week found that most people still rely on simple numerical sequences to protect their accounts and data, finding that "123456" is the most common password both in the US and worldwide.

This lackluster approach to passwords clearly shows in the increased number of cyberattacks that use employee passwords — either brute-forced, guessed, or stolen through phishing or a data breach — as an initial point of access to an enterprise network, intensifying the need for a better solution.

What Comes Next?

If people are still finding it hard to come up with strong passwords, however, they likely won't be on board to embrace new authentication technologies with open arms, security experts have said.

Indeed, 28% of Delinea survey respondents cited employees who don't understand or trust passwordless processes as one of the obstacles to going password-free. Other obstacles include including legacy apps and platforms that require passwords and MFA (43%), and the need for consistent authentication methods everywhere (37%).

What makes more sense, at least in the short term, is a hybrid environment that moves toward using the technologies that people already are familiar with to replace passwords than trying to do away with passwords completely before employees are completely on board.

These replacements for traditional passwords that people may find easier to adopt include multifactor authentication (MFA), biometrics, one-time passwords, and passkeys based on encryption technology, those surveyed said.

Still, it's unlikely passwords will ever likely completely disappear from some applications, although "we might remove the manual process of having to enter a string of numbers and letters to get access to whatever we need," Darren Guccione, CEO and co-founder at Keeper Security, notes.

"The reality is that passwords are essential to the way our connected devices operate and, given the billions of websites and companies that require passwords, we are a long way off from a true passwordless future," he says.

Managing Passwords

Until that future materializes, many are opting to provide better password management using various emerging technologies, according to the Delinea survey.

Sixty percent of those surveyed said they already are deploying PAM solutions to provide password management, role-based access control, session monitoring, and reporting across the enterprise, while 53% are using an enterprise password management solution to create, store, and change passwords.

"In this hybrid environment, it's critical to ensure the safe storage and use of both passkeys and traditional passwords," notes Guccione, who suggested an encrypted password manager that supports passkeys can facilitate adoption while preserving security.

It's unclear what the ultimate role of passwords will be in the workplace as this transition continues. However, what many may refer to as a "passwordless" future may actually be not so far off from the hybrid environments currently being deployed, Guccione notes.

"Just as cash continues to coexist with digital payment methods, passwords will still have their place with certain applications and websites," he says. "Passwordless technologies are a feature that can improve the user experience, but they are not a wholescale password replacement."

About the Author(s)

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights