Passwords are Passé
Passwords are cumbersome and insecure. Users don’t want the hassle of inventing a multi-letter, multi-number combination that uses at least one capitalized letter and a special character. Those passwords are hard to remember, create unnecessary friction and are easy to guess, steal and crack by hackers. Simple username / password authentication methods are highly insecure and prone to person-in-the middle attacks (also referred to as Man-in-the-Middle attacks), keylogging, phishing, credential stuffing and brute force attacks. They also create administrative overhead. In fact, Forrester research shows that large organizations spend up to $1 million per year on helpdesk interventions involving password resets. It is time to rethink authentication methods that rely on passwords. OneSpan can help you on your journey to passwordless authentication.
Passwordless Authentication Explained
Passwordless authentication encompasses every authentication method that doesn’t rely on a (static) password or knowledge-based secret. Proof of a user’s identity therefore relies on other authentication factors such as a possession factor (e.g., a mobile authenticator app, hardware token or OTP) or a biometric trait such as a fingerprint or facial scan.
Are Passwordless Authentication Methods Safe?
Passwordless authentication solutions are inherently more secure than password-based systems, but everything depends on how passwordless authentication is deployed. Experts recommend a passwordless authentication strategy that incorporates multiple factors of authentication and therefore becomes a multi-factor authentication (MFA) solution. Passwordless authentication methods greatly reduce the chance of a user's trust being exploited by cybercriminals as there is no password to be leaked or intercepted. After all, your organization's security posture is only as strong as its weakest link. Taking a multi- layered approach to authentication that includes mobile app security, device security and continuous fraud monitoring will further enhance the level of security.
Benefits of Going Passwordless
Reduce Social Engineering Fraud
80% of hacking-related breaches are caused by compromised credentials and about one third is targeted towards the banking industry. Some banks report up to a 300% increase targeted towards their banking customers. Deploying passwordless authentication will greatly enhance your security posture. As there are no passwords to phish, the likelihood of being exposed to phishing schemes, such as person-in-the-middle and person-in-the-browser attacks, account takeover and replay attacks that rely on passwords, is greatly reduced.
Optimize the User Experience
Eliminating passwords improves usability. Remove friction and keep customers coming back with the best authentication experience. Deploy stronger and more convenient authentication with biometrics, such as a fingerprint scan and facial recognition, or provide your customers with a transparent transaction verification experience.
Reduce Costs with Passwordless Authentication
Password management eats up resources. Going passwordless will help organizations reduce the costs associated with password resets and monitoring. Passwordless authentication will also help to improve overall productivity for helpdesk teams.
Is Passwordless Authentication a Fit for Me?
Is it worthwhile to implement passwordless authentication across your organization? The answer is yes. Passwords are the primary reason for data breaches and according to the Anti-Phishing Workgroup, the financial sector remains the target of most phishing crimes with more than 29% of all phishing attacks . The cost of implementing passwordless authentication and transaction validation is nothing compared to the fines and losses incurred due to a data breach. OneSpan can help you to assess and implement more robust passwordless methods such as mobile authentication to improve your enterprise security and offer a better user experience.
Practical Use Case
Passwordless Login with FIDO and Biometric Solutions
Deploy stronger and more convenient authentication with FIDO, using biometrics such as fingerprint and facial recognition. Deploying OneSpan's FIDO solutions will provide stronger authentication by eliminating server-side vulnerabilities.
FIDO authentication eliminates the weakest link in the authentication chain: traditional passwords. Combine strong security with an outstanding customer experience by deploying passwordless authentication that uses the native security capabilities present on the user’s mobile device (e.g., smartphone).
FIDO uses public key cryptography to provide the most secure method of passwordless authentication. Private keys and biometric templates never leave the user’s device and are never stored on a server, meaning they’re also not vulnerable to phishing, password theft or replay attacks. This makes FIDO the perfect solution to combat social engineering attacks. In addition, OneSpan’s FIDO solution is integrated with the OneSpan Mobile Security Suite and provides the benefit of additional application security and app shielding.
Practical Use Case
Passwordless Transaction Verification
OneSpan’s Cronto solutions help prevent fraud and strengthen protection against Trojans, phishing, person-in-the-middle and person-in-the-browser attacks. Cronto solutions offer a passwordless authentication method as no manual input is required to confirm banking transactions. Cronto takes the trust decision out of the user’s hands, ensuring that only the bank can initiate a transaction signature request.
Transaction details are displayed for approval by the user. It’s as simple as that. When a user initiates a banking transaction, the details of that transaction are encrypted and presented in a fully encrypted QR-like code. The user simply scans that code and authorizes the transaction.
Practical Use Case
Passwordless Browser Login with FIDO2
Digipass® FIDO Touch provides passwordless authentication, allowing users to securely logon to online services and perform banking transactions via mobile or desktop. Digipass FIDO Touch works out-of-the-box with any service supporting FIDO2 authentication protocols. The solution replaces the username and password combination to sign-in to any FIDO2 enabled service, Windows 10, and the cloud version of Microsoft Azure AD 365. There’s no need to download drivers or software.
Practical Use Case
Combine Passwordless and Adaptive Authentication
To strengthen security, many organizations adopt a zero-trust security approach where users must authenticate themselves at each login. Rigid authentication systems result in unnecessary security steps for low-risk transactions and lead to a poor user experience.
The reality is that security can be completely invisible to the end user and have zero impact on low-risk transactions. OneSpan’s Intelligent Adaptive Authentication applies a precise level of security for each unique customer interaction, resulting in the best possible user experience. This dynamic security is achieved through real-time fraud analysis of extensive user, device, and transaction data, resulting in a risk score. This score triggers automated security workflows that apply the exact security required for each transaction.
Practical Use Case
Optimize the mobile experience and reduce fraud with app security
OneSpan's Mobile Security Suite helps organizations maintain trust without impacting the customer experience. Leverage a combination of authentication options, including biometrics and push notifications for your customers, while also proactively defending against the most advanced mobile threats using application shielding.
Passwordless Resources
Case Studies
- NewB selects OneSpan’s Cloud Authentication and Mobile Security
- Turkey’s Odeabank Integrates OneSpan’s Mobile Security Suite into their Banking App
- Bank of Cyprus: Enhancing Customer Experience with Software Authentication and PSD2-compliant Dynamic Linking
- Raiffeisen Italy: Transforming Customer Experience through Security
White Papers and Reports
Blogs
