Dark Reading is part of the Informa Tech Division of Informa PLC



11/30/2020
09:00 AM
Gerald Beuchelt, Chief Information Security Officer at LogMeIn
Sponsored Article

Why the Future Is Passwordless

Passwordless authentication gives IT teams the control they need while providing employees with a seamless login experience. Here's why the future is passwordless.

Passwords have been at the heart of keeping our digital lives secure for decades. Just think — any time we access any digital device or account, we need to enter a username and password. This is nothing new. As technologies advance and society continues to operate in a remote work environment, the number of online accounts grows. For many, keeping track of the numerous account details has become a burdensome task, inevitably leading individuals to practice poor password hygiene. This is slowly changing in bits and pieces, but the password experience is still very common.

While organizations and people understand that passwords play a huge role in one's overall security, many continue to neglect best practices by using or reusing weak, easy-to-crack passwords. In fact, over 80% of hacking breaches involve brute force or the use of lost or stolen credentials. Specifically, 37% of credential theft breaches used stolen or weak credentials, sparking many to ask: Why do we still depend on this form of authentication?

While we won't completely eliminate passwords, a passwordless approach could be the answer to many authentication and security challenges. Our "From Passwords to Passwordless" report found that 92% of IT professionals believe that delivering a passwordless experience for end users is the future for their organization.

Remote Work Accelerates the Move to a Passwordless Approach
The massive shift to remote work seemingly happened overnight, and organizations quickly adapted their business operations to support remote employees. The pandemic forced IT leaders to rethink strategies to manage their employees outside of the office in a secure manner, accelerating digital transformation. 

As companies continue to navigate long-term remote work and the security challenges that come along with it, such as insecure networks or lack of visibility, deploying new technologies will be top-of-mind for IT decision-makers well into 2021. Finding solutions that will enable remote employees to have simple and secure access will be more important than ever to support business continuity, and passwordless authentication may be the remedy. Acknowledging the security risks associated with passwords, more and more organizations will look toward adopting passwordless authentication.

Benefits of Adopting Passwordless Authentication
One of the most advantageous reasons to adopt passwordless authentication is the increase in security. Eliminating users' need to manage and use passwords means eliminating risk. Users no longer need to rely on multiple usernames and passwords, alleviating the worry of keeping track of login credentials and the poor password behaviors that often come along with this. Various identity and access management (IAM) solutions can also enable stronger security within an organization. Implementing solutions such as single sign-on (SSO), enterprise password management (EPM), and biometric multifactor authentication (MFA) strengthens an organization's security posture and makes individuals less susceptible to cyberattacks.

Passwordless authentication also increases workplace productivity, as employees no longer need to spend time inputting and changing passwords. Not only will this free up employees' time, but it will also help alleviate stress on an organization's IT department. Today's IT teams spend an average of six hours per week on password-related issues. Removing this burden will enable IT to use that time on other critical tasks.

Opting for passwordless authentication provides employees a seamless login experience across all channels without inputting a password and, likely, without submitting help desk requests for password resets. By allowing employees to simply and securely authenticate using biometrics or other integrations, the user experience is instantaneously improved since there is no longer a need to enter a complex password. Overall, the process is fast and convenient, reducing the day-to-day frustrations of logging in and remembering complex passwords. For IT teams, passwordless authentication provides complete control — even in a dispersed work environment.

Adopting a Passwordless Model
As remote work becomes the new normal, organizations will need to reassess security challenges within a hybrid workforce. Next year, we will see continued adoption of passwordless authentication models through the implementation of IAM solutions.

Visit LastPass.com to learn how to help your organization adopt a passwordless model today.

 

About the Author
Gerald Beuchelt is the Chief Information Security Officer at LogMeIn, makers of password and identity management solution LastPass. He is responsible for the company's overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of Infragard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.
