
Password Authentication is Becoming Outdated

With organizations scaling up exponentially in a matter of months and end-users expecting nothing but the best user experience (UX), passwords are being seen as the next big casualty, and rightfully so. The modern user wants a frictionless experience with zero compromises. Let’s take a closer look at the business and operational aspects of password authentication, a dying dinosaur.

Let me start off with a question which you will probably be answering with a quick “No” – Do you remember your best friend’s mobile phone number?

Just take a closer look at what happened with phone numbers around two decades ago. The global adoption of smartphones and tablets has made it unnecessary to remember phone numbers and personal addresses. Everything is taken care of by smartphones and software apps. The same is happening in the authentication space with the rise of passwordless authentication. 

Top Three Reasons to Go Passwordless Today

Let’s get the biggest and most obvious benefit out of the way first – password fatigue. According to recent NordPass research, the average person today has to remember over 50 passwords. This is creating more and more friction during logins or after inactive sessions, something that has a direct effect on customer churn and subscription metrics. Passwords hurt business. Period.

Now that we have made the core issue clear, we need to inspect other problems that passwordless is helping resolve. Without further ado, let’s dive into some key roadblocks that password authentication has created today.  

1. Customer Ops and Product Enablement

With password authentication, there is always additional stress on IT and support teams. They have to perform time-consuming tasks like password resets and solve login issues that are often password-related. The former is costing organizations around $70 per reset today, not to mention the resources and time that are wasted on these mundane tasks – pure productivity-killers.

Going passwordless is essentially the best way to make sure that you are turning your offering into a customer-centric one that creates the optimal user experience and reduces friction to a minimum. By allowing users to eliminate passwords you are solving a real problem and allowing them to use your product seamlessly. Passwordless is a true PLG-enabler used by all industry unicorns today.

It’s no surprise that, according to a recent Gartner study, 60% of large organizations and over 85% of midsize enterprises (MSEs) will be implementing passwordless authentication solutions for over 50% of their use cases by the end of 2022.

2. Freeing Up Engineering Resources

There is no way to sugarcoat this – password stores and databases are single points of failure. The hackers and the bad guys know this fact very well and have been “feasting” on this inherent weakness over the last two decades.

Passwordless authentication eliminates this issue altogether since there are no passwords to handle or store. With no password databases in the picture, there is also zero maintenance required. There are literally no problems while scaling up fast or migrating infrastructure. In other words, we are looking at faster Time-to-Market (TTM) with no impact on business or performance metrics.

But that’s just the tip of the iceberg. With less work on maintenance and no need to manage such complex databases, your IT teams and devs can start focusing on what matters most – the core technology and developing new features. Simply put, there is more time for research and development, allowing you to achieve product maturity faster for a better and sustainable bottom line.

3. Improved Security Standards

Weak passwords are a SaaS vendor’s curse, in both B2B and B2C use cases. To make matters worse, many companies simply cannot enforce complex password usage due to usability issues or specific target audience requirements. 

The end result – people are using passwords like “Password1234”, “abcd1234”, “12345678”, or similar variations that are easy to guess or exploit via brute-force attacks. Unfortunately, cybercrime is evolving at a worrying pace. Remote Desktop Protocol (RDP) attacks, email phishing, and vulnerability exploits are just a few methods being used today to execute devastating ransomware attacks.

US-based oil infrastructure mega-company Colonial Pipeline Company was hit hard this summer by Darkside, an infamous ransomware group. The exploit was initiated via one compromised password, with losses reaching millions of dollars.

Password Stores Have Become Hackers’ Honeypots

Security incidents often snowball into regulatory fines and compliance issues. Data privacy is no longer an option. You have the GDPR in the European Union (EU), CCPA and HIPAA in the United States, and the Data Privacy Act in Canada.  

Passwordless is the New Norm

The bottom line is clear. Your users are human and using passwords goes against human nature. There is no real way to enforce strict password policies and still ensure high levels of customer satisfaction. Social logins solve the issue to some extent, but are still quite limited when compared to passwordless. How many of you remember your Twitter account password at this very moment? 

I wish to touch on the password resetting issue again, which is creating the perfect storm for going passwordless today. As per a recent Veridium study, organizations are losing almost 2 million annually due to this persisting menace. Passwordless authentication is a true game changer since it eliminates the overhead and other requirements completely. In other words, password authentication is doomed.

Do note that it may take some time until password authentication disappears altogether, since it has become such a widespread strategy over time. My estimate is that it will take a few years for this methodology to go extinct. 

That being said, I personally believe that a change must start somewhere. Frontegg, which is pioneering the user management space, bears a responsibility to lead this important revolution. That’s why we have decided to make passwordless our default authentication strategy across all our portals and services. The future belongs to those who prepare for it today.

It’s Time to Go Passwordless – Start Now