BioCatch has been discussing the move to a world of passwordless authentication for a long time. The problem with conventional passwords is not only the annoyance of maintaining them – this has been highlighted ad nauseam – but also the simple fact that passwords are largely ineffective.
Earlier this year, BioCatch Chairman and CEO, Howard Edelstein, covered many of the issues with passwords in his piece, “The Problem with Your Password? Everything.” Many people reuse the same password, and passwords are bought and sold by cybercriminals on the dark web like common currency. There are other issues to worry about as well, such as social engineering scams.
What is even more disconcerting is that password hygiene is only getting worse. According to SailPoint Technologies’ MarketPulse Survey, 15% of survey respondents would consider selling their workplace passwords to a third party and 75% of respondents reuse passwords across different accounts. This represents a 19% increase over the last four years.
Microsoft, a partner of BioCatch, also recently published a blog post saying, “The reasons to eliminate passwords are endlessly compelling and all too familiar to every enterprise IT organization. Passwords are insecure. Inconvenient. Expensive. Nobody likes them. [insert your preferred reason here].”
How the Industry Is Moving
Ant Allan, Vice President Analyst at Gartner, predicts that by 2020: “60% of large and global enterprises, and 90% of midsize enterprises, will implement passwordless methods in more than 50% of use cases.”
Many companies have started moving away from passwords by enabling other factors of authentication, like SMS codes, authenticator apps, and physical biometrics. Consumers are becoming more accustomed to a passwordless world too. Earlier this year, the FIDO Alliance and Google announced that Android version 7.0 and up would become FIDO2 certified, enabling developers to make apps passwordless.
Google Chrome, Microsoft Edge and Firefox all support this as well. Consumers will soon be authenticating on their smartphone via external authenticators and biometrics.
What the Changes Mean for Passwordless Authentication
These changes are getting us closer to a passwordless world. However, simply getting rid of passwords is not a panacea either. Using a physical biometric or a two-factor sign-in code could actually introduce more friction to the customer journey. In addition, social engineering scams, by nature, are immune to any of the aforementioned static authentication methods since the legitimate user is the one defrauding themselves under the influence of a criminal.
Enter behavioral biometrics. Behavioral biometrics is frictionless, working in the background to collect and analyze more than 2,000 cognitive and physical parameters in order to detect new account fraud and prevent account takeover fraud in real time. And via patented Invisible Challenges™ techniques, the technology is resilient to replay attacks and other types of spoofing. Behavioral biometrics provides a continuous way to verify the integrity of a session while protecting the desired user journey.
The move to passwordless authentication is well underway. We are excited about the role behavioral biometrics will play in enabling this journey.