Password authentication is not only insecure, it also leads to poor user experiences and is costly for organizations to maintain. Traditionally, passwords were supposed to add a protection layer to the overall security of IT systems. However, relying on passwords for security has become increasingly risky and problematic. As a result, many organizations are starting to adopt passwordless authentication solutions.
While digital identity and authentication have changed since the early days of the internet, passwords remain practically the same. To understand why a passwordless solution has the potential to improve both security and user experience, it is necessary to recognize why passwords are failing as an authentication method. In reality, passwords were not designed to provide security but were instead created to keep track of how much time was spent on shared mainframe computers.
In the 1960s, computer scientists at the Massachusetts Institute of Technology (MIT) developed the Compatible Time-Sharing System (CTSS), an operating system for multiple users that employed separate consoles and required users to access a shared mainframe by using passwords to secure and access private files. Passwords therefore introduced the concept of authentication and login in the digital world.
Shortly thereafter, however, a software bug infected the system's master password file and made everyone's passwords available to anyone who logged into the system. The system’s breach demonstrated the insecurity and inefficacy of passwords as a method of authentication. Consequently, the IT security community has long been looking to replace passwords with alternative and more secure methods.
Recent years have seen a spike in account takeover fraud and credential-based attacks, exacerbated by the rise of remote and hybrid work. Thus, authentication systems are being replaced and modernized due to security risks and inconveniences associated with traditional methods. With password elimination being recognized as a fundamental goal for the IT security industry, passwordless authentication options have become increasingly popular and widely accepted.
Furthermore, efforts by the FIDO Alliance and the development of open standards such as FIDO2 and WebAuthn have driven adoption of passwordless authentication solutions. The FIDO Alliance is made up of some of the largest and most respected tech companies in the world. Most recently, the U.S. government published a cybersecurity memorandum emphasizing the need for stronger enterprise identity and access controls. According to the document, agencies and organizations should implement a Zero Trust strategy and enforce phishing-resistant MFA across applications and federal systems.
Essentially, passwordless authentication solutions should provide an easy and frictionless user experience, but not at the expense of security. Indeed, there is a growing need for passwordless technologies, but the challenge is finding one that is easy, convenient, and secure. It is therefore important for organizations to choose the right passwordless solution that meets their unique challenges and requirements around user experience, security, compliance, and technology stack.
By removing passwords and improving user experience at the same time, HID Global’s Authentication Platform provides a holistic approach to passwordless authentication that protects users against credential-based attacks and account takeover fraud. The company has been a strong player in government and enterprise workforce IAM for years and is moving more into consumer use cases. Sharing the FIDO Alliance’s vision for a passwordless future, and as a leading provider of FIDO2-enabled and certified solutions, HID supports a wide range of use cases in various verticals.