Many industry pros are increasingly channeling their inner Bill Gates in 2004 and predicting the decline of the password.
The PW prognosticating demonstrates some confidence in the IT world that a passwordless infrastructure is now sufficiently in place. What’s left is to convince newcomers and skeptics of biometrics and passkeys’ usability. Enterprises and developers can do this with pilot programs and test runs.
“The most notable shift over the past couple of years has been that every major platform vendor is now supporting open standards for passwordless authentication that are in their flagship operating systems. So, this means for the first time that virtually every modern computing device has the capability to support passwordless authentication,” said Andrew Shikiar, executive director and chief marketing officer at FIDO, during a May roundtable discussion led by authentication provider Okta.
Shikiar also predicted on the call that the majority of consumer services in the next three to five years will offer password-free sign-in options.
Just FIDO it. In May 2022, Apple, Google, and Microsoft announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium (W3C).
Google and Apple have since announced integration with passkeys, which store a private credential on an individual’s device rather than in a company’s server. And Windows Hello offers FIDO2-certified passwordless options like facial-recognition or fingerprint-scanning biometrics.
Follow the frictionless leader. Though some enterprises appear poised to KO the PW—the passwordless vendor SecureAuth’s April 2023 State of Authentication survey, conducted independently by VIB Research, found that 65% of 285 IT and security pros are planning on implementing passwordless technologies in the next 24 months—the general public is still a long way from fully embracing alternatives.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
A FIDO report of 10,000 global consumers, released in October 2022, revealed that the ever-persistent password is still the most-used authentication method for 51% of surveyed respondents.
“Using passkeys today, you could have a completely frictionless experience signing into your bank and authorizing a million-dollar transaction. For most people, that’s jarring…So, it’ll take some time to move people down this path to having comfort and confidence in this passwordless, sign-in experience,” said Shikiar.
Both developers and enterprises can lead the passwordless way.
For large enterprises with a variety of employees and devices, Vishnu Allaparthi, partner of cyber risk and regulatory practice at PwC, recommends proof-of-concept projects with a small group of authenticators.
“A lot of organizations have started their journey towards passwordless from an enterprise perspective. That doesn’t mean that you’re totally getting rid of the password…but you’re slowly shifting towards not using the password to authenticate. You still have that as a backup for certain scenarios, certain use-cases where I cannot use my FIDO credentials or passkeys to log in,” said Allaparthi during the May call, adding that developers too must drive adoption by making passwordless a primary registration option as they’re building their apps.
“We’ve got to demand that passwordless future as an end user, because the tools are there,” said Allaparthi.
Passwords have the advantage of ubiquity, but passwordless options, including third-party authenticators and biometrics, are supported by an ubiquitous device: the phone.
“When we think about how much care people put around their mobile devices, it becomes an excellent tool for us to deploy passwordless, because it has all of the available technologies on it to help us implement passwordless,” Jameeka Green Aaron, CISO at Okta, told IT Brew in May.