Liberate Your Users From Password Anxiety
The password is to user security what the cassette player is to music: outdated, inefficient, and prone to failing at the worst possible moment. It’s time we embrace the future. It’s time we go passwordless.
Everything about our lives is online now. It’s not just photo albums and instant messenger chats but our entire existence. Think about how much information lives behind these simple passwords: bank accounts and tax documents; personal correspondence and business plans.
Think about how many passwords you have to remember on a typical day. Think about how many special characters or capital letters or numeric digits the average user has to hold in their mind just to function.
Then think about this: all those passwords, all that annoying inconvenience, all those exhausting captcha logins -- none of them are even keeping us safe.
Passwords are inherently vulnerable
Truth is, most users are not disciplined about creating and rotating unique passwords for their various accounts. This means that it only takes a little bit of social engineering for bad actors to access their lives.
And that’s not the worst of it. Even if users did practice perfect password discipline, they would still be vulnerable. Most companies store all their user’s passwords in a single file on their servers. Even with expensive, high tech security measures, this has not been effective. It just takes one clever hacker to unlock the door and walk away with an entire database of user info.
A simple solution
It doesn’t have to be this way. Companies can save money, improve security, and make life easier for their users by embracing solutions built on basic cryptographic principles.
Biometrics
Anybody with a newer mobile phone has likely experienced the magic of biometric authentication. The beauty of these options -- which rely on recognition of each individual’s unique physical properties is that you can’t “forget” your own self; you are also hard to replicate. Biometric authentication can include recognition of fingerprints, faces, irises, voices, and even heartbeats.
Biometric authentication is fast and effective. Some users, however, might fear sharing their unique personal data with tech companies; and if compromised, that data presents an even bigger risk. You can change a password, but you cannot change your fingerprint.
Multi-Factor Authentication
Multi-Factor Authentication (MFA) is exactly what it sounds like. Instead of just using a password to log in, you add a second “test.” Traditionally, that’s entering a one-time code sent by SMS or email; other times it can be entering an app and responding to a prompt. But, MFA doesn’t have to include a password or a second user step at all! The MFA process can also include biometrics or unique cryptography. A Zero-knowledge proof protocol allows users to prove their identity without actually sharing vulnerable information. In some cases all it takes is a 4-digit pin and the magic of a cryptographic token stored in a browser or mobile app.
This June 23rd, do the right thing for your company and your users:
go passwordless.
Account takeovers cost businesses a combined $25 billion (!)
in 2020, according
to Juniper Research.
to Juniper Research.
HALF of all
help desk calls
are to deal with simple
password resets, according
to research by OKTA.
password resets, according
to research by OKTA.
More than 1/3
of online transactions are
abandoned at checkout because
users forget their passwords,
MasterCard has found.
abandoned at checkout because
users forget their passwords,
MasterCard has found.
