Passwordless Authentication: The Next Step in Cybersecurity

Many industries are changing their authentication systems to passwordless systems. Technology companies have been at the forefront of adopting passwordless authentication, with Google, Apple, and Microsoft all offering passwordless login options for their users. Financial institutions are increasingly adopting passwordless authentication to protect customers from fraud. Recently, healthcare organisations and government agencies have begun to transition to passwordless authentication to improve patient privacy and security. There is a clear trend towards passwordless authentication.

Passwordless Authentication Market to Grow at a CAGR of 12.2% to 2031

According to the Allied Market Research, the global passwordless authentication market size was valued at USD 12.8 billion in 2021 and is projected to reach USD 40.2 billion by 2031, growing at a compound annual growth rate (CAGR) of 12.2% from 2022 to 2031. The North American region is expected to be the largest market for passwordless authentication during the forecast period, owing to the presence of a large number of technology companies and the early adoption of new technologies in the region. The Asia-Pacific region is expected to be the fastest-growing market for passwordless authentication during the forecast period, owing to the increasing adoption of smartphones and other mobile devices in the region.

These stats show that the passwordless market is growing rapidly. This is because passwordless authentication is more secure, user-friendly, and cost-effective than password-based authentication.

• Increased security: Passwordless authentication is more secure than password-based authentication because it is more difficult for hackers to steal or crack. Passwords can be stolen through phishing attacks, malware, or data breaches. They can also be cracked using brute-force attacks or rainbow tables. Passwordless authentication methods, on the other hand, are more difficult to compromise. For example, biometric authentication methods, such as fingerprint or facial recognition, are very difficult to fake.
• Improved user experience: Passwordless authentication is more convenient and user-friendly than password-based authentication. Users do not need to remember or enter complex passwords, which can be time-consuming and frustrating. Passwordless authentication methods are also typically faster and easier to use.
• Reduced costs: Passwordless authentication can help organisations to reduce costs by reducing the need for password resets and other support tickets. Passwords are often forgotten or lost, which can require users to reset their passwords. This can be a time-consuming process for IT staff. Passwordless authentication methods eliminate the need for passwords, which can help to reduce the number of password resets and other support tickets.

Accenture and VA's Password-free Success Stories

In 2021, Accenture, a global professional services company that provides a range of services, including consulting, strategy, digital, technology, and operations, began a journey to eliminate passwords from its IT systems. The goal of this journey was to improve security, reduce costs, and improve the user experience.

Accenture's password-free journey has been a success. The company has eliminated passwords from over 90% of its IT systems, and it has seen a number of benefits, including:

• Reduced phishing attacks: Accenture has seen a 60% reduction in phishing attacks since eliminating passwords. This is because phishing attacks are much less successful when users do not need to enter their passwords.
• Improved user experience: Employees no longer need to remember or enter complex passwords, which can be time-consuming and frustrating. Passwordless authentication methods are also typically faster and easier to use.
• Reduced costs: Accenture has seen a reduction in costs since eliminating passwords. This is because password-free authentication methods eliminate the need for password resets and other support tickets.

Accenture's password-free journey is an example of how large organisations can successfully implement password-free authentication. Accenture's success shows that password-free authentication is a viable and secure alternative to password-based authentication.

In 2020, the United States Department of Veterans Affairs (VA), the second-largest federal department in the United States, began piloting a password-free authentication system for its employees. The pilot was successful, and the VA is now in the process of rolling out the password-free system to all of its employees.

Since implementing password-free authentication, the VA has seen lots of benefits. Above all, the VA has seen a 60% reduction in phishing attacks since implementing password-free authentication. This is because phishing attacks are much less successful when users do not need to enter their passwords. It also resulted in significant improvement in the user experience. Employees no longer need to remember or enter complex passwords, which can be time-consuming and frustrating. Password-free authentication methods are also typically faster and easier to use. The VA has also seen a reduction in costs since implementing password-free authentication. A new password-free authentication methods eliminated the need for password resets and other support tickets.

Passwordless Systems with Advanced Security

Passwordless systems from the two companies mentioned above use a variety of authentication methods, such as fingerprint scanning, facial recognition, and security keys. However, what is important to note is that they all thoroughly manage stability and convenience by setting up more specific security measures.

• Multi-factor authentication: By enabling the use of two or more different authentication methods for login, it is much more difficult for an attacker to access employee accounts.
• Risk-based authentication: Uses a variety of factors, including the user's location and device, to determine the risk of a login attempt, requiring users to provide additional authentication when detecting a high-risk login attempt.
• Continuous monitoring: Continuously monitors passwordless systems for suspicious activity, locking users' accounts or requiring users to change their passwords when suspicious activity is detected.

In addition, they take a variety of security measures to protect our passwordless systems, including the use of encryption and regular data backups.

New Authentication Methods Enhance Security and Convenience

The passwordless systems has still been evolving. By implementing risk-based authentication from the system design stage, the risks of login attempts are prevented in advance, and new authentication methods such as continuous authentication continue to emerge. Also, artificial intelligence (AI) and machine learning (ML) is used in the passwordless systems to analyze user behavior and device data to detect and prevent fraud.

One advanced authentication system that could help to improve the passwordless systems is swIDch's one-time authentication code (OTAC) technology. OTAC is a new type of authentication method that uses a device's trusted execution environment (TEE) to generate and store cryptographic keys. The TEE is a secure part of the device that is isolated from the rest of the operating system and applications. This makes it very difficult for attackers to access the cryptographic keys stored in the TEE.

OTAC uses the cryptographic keys in the TEE to generate a one-time code that is used to authenticate the device. The code is only valid for a short period of time, and it cannot be reused. This makes OTAC a very secure authentication method.

OTAC is also a simple authentication method. Users don't need to remember or enter any passwords. They simply need to type codes generated or tap their device to authenticate. This simple process makes the companies' passwordless systems even more secure and simpler.

Transforming End-User Logins and IT/OT Systems

Current authentication systems including end-user logins or IT/OT systems will be transformed into passwordless in the future. Passwordless authentication is more secure, user-friendly, and cost-effective than password-based authentication. As a result, more and more organisations are expected to adopt passwordless authentication in the coming years.

In fact, some organisations have already begun to transition to passwordless authentication. Critical industries offers passwordless login options not only their customers but also their employees. It is clear that passwordless authentication will become the standard for authentication in the future.