Next Gen: Passwordless Security. What does it really mean?
Ramana Swami
Dynamic Technology Leader, Enterprise Cloud, AI Enablement & Security Solutions. Accelerating Business Vision & Innovation through Technology Solutions & Strategies
Every one of us carries the burden of at least 50 passwords across the corporate, financial, social, streaming and public spaces we use and interact with. Maintaining them is painful, because different spaces have different password setups, on top of the routine resets and updates we need to do for security protection.
This consumer-side activity is just a nuisance compared to the enterprise side, which is expensive, risky and requires constant attention to stay safe.
As an example, if there are 2000 users in an organization, then each one of them needs to adhere to the security policy, and still there are 2000 opportunities for the hacker(s), who need just 1 to get through.
My point being, there will always be an inherent weakness with user passwords no matter how rigid or robust the implemented solution is.
From the enterprise side, the following activities are needed for the safekeeping and security of the organization's information, and even then nothing is 100% safe.
1. Password environments to manage secured passwords for users across multiple layers of systems & applications
2. Password management and safekeeping for connectivity from outside to inside (public via internet to corporate environments)
3. Continuous reinforcement, training and OCM (organization change management) to ensure users are following the rules of the security protocol
4. Service desk and help desk staff dealing with password resets regularly
5. The biggest: avoidance / reduction of password-related security breaches 24 x 7 using cyber security protocols, security applications, security appliances, HW & SW, monitoring, cyber processes, training and audits, to name a few.
Based on market standards, it is safe to estimate that about 30% of security-related efforts and budgets are tied to passwords and their protection.
It has been drilled into our mindset for years that User ID and Password are the only ways of offering security and authentication.
Now, let us get back to basics: What is the purpose of a password?
Simply put, it is to authenticate an entity and allow it access to certain areas of the IT ecosystem while not allowing access to the rest.
In that case, is there another way of achieving the same result without passwords, and how do we do that?
Yes, it is possible using passwordless authentication solutions.
Instead of passwords, identity can be verified based on a “possession factor”, which is an object that uniquely identifies the user (e.g. a one-time password generator, a registered mobile device, or a hardware token) or an “inherent factor” like a person’s biometric signature (e.g. fingerprint, face, retina).
Unlike possession or inherent factors, authentication that is based on something the user knows (such as a password, passphrase, or PIN code) is susceptible to easy theft and to sharing by users, and requires constant management and handling by both users and IT managers.
The elimination of the concerns we discussed earlier, along with the benefits, is summarized here for ease of reference:
1. Better User experience
2. Reduced IT security operational TCO
3. Much better security
4. Better IT Control and visibility
How widely is passwordless security accepted in the marketplace currently?
Reference data for this response:
The global passwordless authentication market size is estimated to be USD 35.48 billion in 2019 and is predicted to reach USD 456.79 billion by 2030, with a CAGR of 29.1% from 2020-2030.
Final point: In the next 10 years, passwordless operations and security will be widely used compared to the current password-based security systems.
Who are the top leaders in the passwordless authentication marketplace?
While there are quite a few vendors with passwordless authentication tools and solutions, the following are considered the leaders in the field.
- Okta
- Hypr
- Secret Double Octopus
- Trusona
For a quick review of the strengths and weaknesses of these 4 leaders I have provided a comparison chart here.
Suggestion:
With security solutions moving more towards a passwordless environment, it is a good time for organizations to take a serious look at this solution and start planning a roadmap in the next 1 to 2 years to achieve it.