SecureAuth†Corp., the pioneer in advanced adaptive access control for user authentication, is giving organizations the ability to ditch the password with new authentication methods that build on adaptive authentication techniques for a true passwordless experience.†
Continuing its mission in preventing the misuse of stolen credentials, SecureAuth has introduced additional multi-factor authentication (MFA) methods, including Link-to-Accept via SMS or email, and YubiKey, the FIDO Universal Second-Factor (U2F) security key by Yubico.
With these latest multi-factor authentication methods, users are not required to have a phone or smartphone application to authenticate passwordless. This means organizations can now go passwordless without having to issue phones or smartphones at the company’s expense or require employees to use personal smartphones. This provides greater flexibility in how organizations authenticate their end-users, moving more customers beyond the password. SecureAuth recognizes that it is critical for organizations to have flexible and adaptive workflows. While some vendors claim base-level passwordless capabilities, a one-size-fits-all approach simply doesn’t meet all use cases that companies face.
The Age of the Password Ends
The security industry agrees that passwords themselves are a security vulnerability. More complex passwords with mixed-case and special characters have not led to a decline in data breaches. Further, knowledge-based security is easily circumvented and imposes onerous requirements on users, such as frequent forced changes, which leads to user frustration, abandonment, and customer churn in portals. In the enterprise, complex password requirements lead to poor security practices, such as writing passwords down, fueling insider threats, and reusing passwords across many applications. In addition to usability and security issues, there is the issue of†increased costs†due to users forgetting their passwords and calling the help desk for resets.
“The password is undeniably the root of many serious security problems for organizations today,” said Keith Graham, CTO at SecureAuth. “While passwords were once an aid, they are less than ideal from a user-experience perspective, and they wildly underdeliver on protection and security. Link-to-Accept and YubiKey are just the latest additions in the SecureAuth portfolio of authentication methods that meet practical organizational needs. We’re moving more organizations to a password-free world that increases security, provides a simplified user experience and further enables digital transformation in business across all industries and sectors.”
Moving to a Passwordless Future
Effective security while maintaining a convenient user experience is a top concern for IT decision makers. According to†a SecureAuth survey, 82 percent of respondents said they are concerned about the misuse of stolen credentials to access their organization. Perhaps it comes as no surprise that†69 percent also said†their organization is likely to do away with passwords within the next five years.
The password is simply not enough to protect sensitive information and data. Better passwords are not the answer; the password paradigm itself is antiquated, and forward-thinking organizations are removing the dependency of a password as a primary method of authentication.
“Going passwordless eliminates one of the most common vulnerabilities, making it the next evolution of security and access control,” said Bob Thielmann, CIO at Janney Montgomery Scott. “If you want to do things right, make it simple. Requiring long, complex passwords makes authentication more difficult for users, and they’ll be inclined to take steps to make things easier, causing security risk. By removing the password, we will be able to increase the security of our network and data while streamlining the experience for our users.”
“A number of viable alternatives exist to the password, alternatives that not only improve security efficacy for the organization but also provide ease-of-use benefits to end users. Those who truly own the responsibility for the security of enterprise networks, applications, and data are strongly encouraged to embrace such alternatives. In spite of the sophisticated security measures that enterprises are putting in place, something as fundamentally simple as a password is tripping us up. Replacing and obsoleting passwords is an excellent approach to addressing and preventing the 63 percent of confirmed data breaches that involved weak, default, or stolen passwords referenced by the 2016 Verizon Data Breach Investigations Report.” Frank Dickson, Research Director at IDC, The Era of the Password Has Passed, Nov, 2016.†
