Authentication is the cornerstone of secure digital transformation for platform businesses, and beyond that, a pillar of the Fourth Industrial Revolution: from internet of things (IoT) devices that need authentication for machine-to-machine communication, to artificial intelligence (AI) that will be used both to secure and bypass authentication systems, and even blockchain, for which trustworthy authentication is the key to mass adoption.
However, one critical issue stands in the way of continued progress – the continued use of passwords as the principal means of authentication. The reliance on and use of passwords disrupt the customer experience, which is becoming one of the most important brand differentiators. Moreover, and paradoxically, passwords are actually very difficult to secure: on one hand, users keep on re-using them, on the other, companies struggle to process and store them securely. The vast majority of data breaches stem from weak or stolen authentication credentials. Today, credential stuffing attacks, i.e. attacks leveraging stolen credentials, are so common that over 90% of all login attempts on major retail sites are malicious, with average success rates around 1%. For high-value targets, even manual fraud attacks using stolen credentials are on the rise. Passwords are not providing sufficient protection. And perhaps most importantly, passwords cost companies millions every year, not just in data breach mitigation but also in password management costs.
This white paper makes the case for passwordless authentication, for four main reasons. First, it considerably improves the user experience. Second, it substantially decreases the costs associated with password management and data breaches. Third, it favors interoperability, unlocking value within and across businesses and public services, while supporting the digital transformation efforts needed to reap the benefits of the platform economy. Last but not least, passwordless authentication is much more secure. It eliminates a long list of attack vectors, from credential stuffing to phishing attacks, and puts users back in control.