Graham Cluley Security News is sponsored this week by the folks at HYPR. Thanks to the great team there for their support!
Below, George Avetisov, Cofounder & CEO of HYPR, describes some of the findings of their recent State of Passwordless Security report.
2020 put Digital Identity challenges front and center. Our rapid shift to remote work has turned up the volume on password challenges to an 11. Passwords’ flaws are widely known, yet the urgency to move away from them is now greater than ever.
Last May Microsoft stated more than 150 million people use Windows passwordless login monthly. We at The Passwordless Company asked, What’s driving this trend?
In response we set out to learn what, why, and how businesses are thinking about passwordless technology. The result: our 2021 State of Passwordless Security Report, the findings of which are surprising, validating, and exciting.
Security teams now prioritize usability
Credentials-based attacks still dominate among reasons people say they’re migrating to passwordless authentication. A remarkable 64%, however, cite user experience (UX) as the reason for going passwordless. The security industry — whose work often degrades usability — now prioritizes UX as a top reason for deploying a security initiative.
PUSH attacks are up
PUSH notifications were once praised as the favorite mainstream MFA method, but we’re now seeing more attackers take advantage of them. 1 in 10 respondents encountered PUSH attacks while 9 in 10 regularly battle phishing. When password-based MFA intended to prevent phishing is weaponized in this way, it’s time to change its underlying authentication ASAP.
96% of respondents say shared secrets are out
Secrets-based authentication is unfavorable, based on a commanding majority of security practitioner responses. Their opinions confirm what we already know: that One-Time Passwords (OTPs) and Secret Sharing are outdated authentication methods.
Smartphones and standards are tops
73% of respondents say smartphones are the most convenient authentication, while an airtight 94% want to take a standards-based approach to password elimination. Proprietary passwordless approaches are everywhere, yet with interoperability a key concern, people are taking notice of what’s truly deployable. Even Apple has come along for the ride.
One passwordless login, many identities
More than two thirds (65%) of respondents say they use or expect to juggle multiple identity stores. Passwordless authentication offers answers to the stubborn question of interoperability and provisioning a singular, delightful UX in environments where there is identity fragmentation. We’ve already noted a broader trend in organizations decoupling authentication from identity to lessen identity turmoil and cure MFA fatigue.
Passwordless has reached escape velocity
Remote work has increased adoption for stronger authentication and kindled a desire for more of it. Our report tells us that the sun is setting on passwords. To learn more on how we’re living in the passwordless decade, download HYPR’s 2021 State of Passwordless Security Report.