Passing on passwords in 2023 ( finally )
Alex Laurie , SVP Global Sales Engineering , ForgeRock , tells us why this year will see the expiration of the password – a security model which has long been the most common authentication method – and how the foundations for a passwordless future have already been laid .
The pandemic trained consumers to expect better online experiences as everyone went digital to manage their lives . This fundamental shift has intensified pressure on businesses to deliver enjoyable experiences without compromising security or control . This new requirement will be a major differentiator between businesses competing for the same customers in the coming years – and will determine which brands thrive .
Central to meeting this goal will be how businesses manage the authentication of their customers and users . In general , authentication should achieve three objectives : keeping that account secure , preserving a smooth user experience and linking a user to their account or online identity . Password-based authentication is by far the most common authentication method but it fails on the first two of these three counts .
The password-username model is broken . In 2022 alone , more than 2 billion usernames and passwords were breached , increasing by 35 % in 2021 and almost half of all records breached included some form of login credentials . In addition to this , up to 40 % of all helpdesk enquiries
Alex Laurie , SVP Global Sales Engineering , ForgeRock are related to passwords – a huge drain on company resources .
So , why will this year be the year that passwords finally expire ?
Enterprise security ’ s weakest link
Passwords are often an organisation ’ s weakest link . Given the costly implications associated with account takeover , which has skyrocketed by 307 % in recent years , and the colossal deficit of trust they cause , the stakes have never been higher .
The volume of digital identities per person globally has risen exponentially in recent years . The average American now has over 150 online accounts according to some estimates .
Each of these accounts is a different vector for attack and with cybercriminals able to access increasingly sophisticated malicious cyber tools , threat actors are almost spoilt for choice when it comes to identity theft .
Through phishing , password spraying or brute-force attacks , cybercriminals can access vast amounts of information through a single account , leading to further breaches .
38 www . intelligenttechchannels . com