The end is near for the password

By Alex Laurie, SVP EMEA, Ping Identity.

  • 11 months ago Posted in

The origins of the computer password aren’t entirely clear, with many believing it emerged from the Massachusetts Institute of Technology in the early 1960s. Since its inception, whenever that may be, as an authentication tool, the password hasn’t really changed. While it proved effective in an internet-less world, today it’s seen as a legacy authentication process that needs to be tossed aside for passwordless alternatives.

The password is an outdated tool which proves ineffective against today’s threat landscape, luckily, big tech companies, such as Amazon and Google, have woken up to this and are looking to better secure their futures. Our latest research indicates the move couldn’t have come at a better time, finding that consumers are becoming increasingly impatient when encountering poor digital experiences, especially when accessing their accounts. It leads to the notion that the end of passwords may well and truly be here.

Big tech domino effect

Earlier this year, in quick succession, Google and Amazon announced they would begin offering passwordless authentication methods in the form of passkeys. Considering that access management companies offer these solutions, and have done so for several years, why are Google and Amazon’s announcements so important?

As two of the globe’s most dominant technology enterprises with billions of users between them, these organisations can spark the necessary global change to passwordless. Instead of the billions of Amazon and Google users gaining access to the company’s platform through passwords, they are now asked to consider shifting to passkey alternatives when signing in.

We’re at the start of the long awaited passwordless era – as more organisations follow suit and continue to set up passkeys, users will begin feeling the impact of a more efficient login process and will exist in a more secure environment.

What makes passwordless alternatives that much better?

Passwords are a constant threat, leaving organisations open to an array of attack vectors – with phishing the most common. If you think back to some of the most infamous recent attacks, such as the Colonial Pipeline Hack, threat actors often gain access to a system using compromised passwords. With 24 billion pairs of stolen credentials up for sale on the dark web, it’s easy to see why account takeover is an easy angle for cybercriminals to attack. On top of this, passwords are an inconvenience. Think back to the number of times you’ve ended up locked out of a certain platform and had to embark on the painstaking process of resetting your password, and how many people keep track of their passwords on their phone, or in a notebook next to their computer?

With consumers wanting greater convenience and enhanced security, passwordless authentication tools provide the only solution that appeases both appetites sufficiently. Offering significantly increased security due to the lack of a crackable code, more efficient access thanks to biometrics, and reduced costs as there’s no need to allocate budget for password management or storage solutions, passwordless is the logical path for the tech industry to travel. And, thankfully, with big tech acting as the first domino, more will begin to adopt passwordless authentication methods.

While the transition will take time from both a B2B and B2C perspective, our research indicates that consumers will welcome passwordless authentication. 59% of the UK said if passwordless authentication was offered, they’d be happy to switch website/app/service.

Adding to the UK’s digital ID debate

As the UK begins its passwordless migration, it will also add urgency to one of the country’s most significant debates – the adoption of digital identities. While under the nose of politicians for many years now, the barrier to digital ID adoption has traditionally revolved around a lack of consumer trust. However, our research has found that 55% of UK citizens support a single-use government-issued ID. Yet despite these findings, the UK trails the rest of the world in terms of adoption.

Like passwordless authentication, the UK public needs to be shown digital IDs are a tool to improve security and efficiency, and that they won’t, in any way, impinge on their rights. Preventing the resale of their data is now a top priority for consumers when considering app features, with 70% of our global survey agreeing with this sentiment. Thus, ensuring and articulating the fact that consumer data will remain secure will ease barriers to digital ID adoption.

Passwordless: the ultimate consumer experience

As we move into a future where tools like digital identities and passwordless authentication build a frictionless consumer existence, both the public and private sector will play important roles in empowering everyone to make the transition with ease. Thanks to Google and Amazon’s actions, and the impressive tools the Access Management industry has built, 2024 will be a crucial year in the pursuit of ultra-secure and efficient digital experiences.

By Alasdair Anderson, VP of EMEA at Protegrity.
By Eric Herzog, Chief Marketing Officer, Infinidat.
The Network and Information Systems (NIS) Directive 2.0, an update to the original NIS Directive,...
By Shaun Farrow, Security Practice Lead at Bistech.
By Andre Schindler, GM EMEA and SVP Global Sales at NinjaOne.
By Darren Thomson, Field CTO EMEAI, Commvault.