Passwords were supposed to prevent unauthorised computer access and defend against cyber threats. Unfortunately, it hasn’t worked out that way. The World Economic Forum reported that 80% of data breaches trace back to weak passwords and stolen credentials.
Passwords are easy to record, socially engineer, share with friends or just be guessed. People choose highly predictable passwords that are easy to type or include words like a name, or sports team, and birth year to make them memorable. According to a survey by Cybernews, top common passwords include 123456, qwerty and password. People cannot remember a unique password for each account, so they use the same or similar passwords repeatedly.
Increasing length, and regularly changing and setting complexity rules only causes more password reuse and greater predictability that get us Password12! and Qwerty2023!.
This is the digital equivalent of leaving your house key under the welcome mat.
Time to say goodbye to passwords?
Clearly, the time has come to retire passwords — or, at least, to use them in fewer instances.
What’s needed is a new approach to authentication, one that is easy for your end users — in fact, easier than a password. This new approach must also be robust enough to protect valuable digital assets, keeping private data secure and safe.
Good news: You can now choose passwordless authentication methods. These include:
- Mobile authenticator applications: Push notifications, challenge and response codes, and single-use passwords — all are secured on a personal mobile device.
- Windows Hello for Business: Microsoft’s Entra ID service replaces passwords with a cryptographic authentication key, securely stored on a Windows device, and unlocked with the user’s choice of face, fingerprint or PIN.
- FIDO2 hardware security keys: Looking like a tiny thumb drive, they securely carry a user’s personal cryptographic key. They unlock with a PIN or fingerprint, and are supported on Windows, Apple and Android devices, and modern web browsers.
- Biometrics: The user’s face, voice or fingerprint is used to unlock a securely stored personal cryptographic key to provide strong two-factor authentication.
Here are some of the benefits of going passwordless:
- Authentication designed for people, not machines.
- Improved user experience with reduced security risks.
- Greater citizen and consumer trust in digital channels.
- Robust protection against sophisticated cyberattacks.
- Nonrepudiation for accountability and regulatory compliance.
- Robust standards-based approach broadly adopted by technology vendors.
How DXC can help
Projects to reduce or eliminate passwords touch all users and span IT infrastructure and applications. New passwordless authentication technology is well tested and deployed at scale. The greater challenges rest with planning your communication with users, adjusting business processes, and integrating the technology across complex hybrid IT infrastructures.
Make the easy way the secure way for your organisation with assistance from DXC Technology. Our digital identity teams work closely with the leading technology providers, including Microsoft, Thales, CyberArk and ForgeRock, to empower our customers with the right passwordless technology choice. We recently helped a European energy company enable strong authentication for 300 privileged administrators accessing mission critical operational technology. And for a U.S. personal-investment company, our biometric authentication service secures the access of 11 million consumers to their investment portfolios, on their smartphones.
Additionally, with our deep industry experience and knowledge of the relevant regulations, we ensure customers achieve and maintain regulatory compliance.
Now’s the time to start moving away from passwords, and DXC Digital Identity experts are ready to help.