by Steve Whiter, director of Appurity
Passwordless authentication isn’t currently easy to achieve. There isn’t one, single passwordless solution that solves access challenges for firms across the legal sector. There are many challenges to be met along the journey of providing a universal solution – complex IT environments, admin costs and compliance red tape, to name but a few. The uptake of mobile is also applying pressure on firms to find a suitable solution. Many have experienced a huge increase in the use of mobile devices amongst their workforce. Having to enter multiple passwords in order to access all available resources via a mobile device is demanding to say the least. And this scenario is particularly unhelpful for the key people within your business. Access issues plus the associated downtime is both frustrating and costly to the organization.
For most businesses, passwords are costly and taxing to manage. And for your people, passwords can often deliver low user experience and can be easily exploited by criminals. Hardly surprising then that firms are keen to shift to passwordless authentication as part of an overall digital transformation. Adopting a passwordless environment delivers a better overall user experience (UX), less headaches for the IT department, enhanced security and less time wasted (which equals cost savings). Let’s look more closely.
Smart devices now have just as much access to your organization’s information as traditional endpoints. As people continue to work away from the office, their reliance on mobile devices is only increasing. And with remote working potentially becoming a permanent state of affairs for many employees, firms have to reconsider their approach to mobile. Increasingly, people will be using their own devices, or using personally enabled devices. Under these conditions, firms should consider a ‘zero trust’ approach – where security is all about eliminating implicit trust. This approach places greater importance on identifying the real-time health of a user’s device and the ability to provide conditional access to corporate data as a result. Password hacking is responsible for a significant proportion of security breaches – they are certainly a weak point in computer systems and cyber-criminals regard them as soft targets. Weak or stolen credentials highlight the need for organizations to rely on more than just passwords to secure accounts and inboxes.
If you do away with passwords then no password storage or management is needed. Without passwords you do away with the need to set password policies, you don’t have to keep resetting forgotten passwords and you’ll spend much less time detecting leaks (via compromised passwords). And whilst resetting passwords is not particularly taxing for most IT departments, it’s the outright volume of requests that can take up so much time. Indeed, for many helpdesk teams, password reset requests from users is the most common help ticket. A passwordless environment allows your business to cull those hidden costs that your firm will be incurring via an overstretched helpdesk.
Without knowing for sure when organizations reopen their office doors (partially or completely), remote working looks to stay with us for some time. When your people work remotely they rely on multiple applications, networks and servers to get their job done. For any large business, the number of tools that people depend on can be staggering. For the best user experience, the holy grail is a single mobile app solution – you want to simplify access for your people. Such a solution should work however simple or complex your organization’s authentication needs might be. A passwordless approach means that not only are your people not required to remember complicated passwords and comply with different security policies, they also don’t have to periodically renew passwords. Absolute mobility for your people means removing the need for a PC in order to reset passwords on their mobile devices, but to also enjoy the same user experience that they get on their PCs.
Time is of the essence for your key people. Time shouldn’t be wasted trying to clear up login issues or standing by for a reset. Passwords are forever a weakness for those trying to secure customer and corporate data. Cyber-criminals have a field day with passwords, which is often their preferred method of entry into your system. For all of these reasons, isn’t it time that your business considered a passwordless authentication solution?