Four Roadblocks to Employing Password Less Authentication

Four Roadblocks to Employing Password Less Authentication
Four Roadblocks to Employing Password Less Authentication

The transition to the cloud has increased the importance of Identity and Access Management (IAM) in terms of security. Password hygiene is becoming increasingly crucial as malicious actors hunt for new ways to obtain credentials.

Employees are one of the most crucial elements of any organization. Unfortunately, most security concerns are driven by staff negligence and mistakes.

Weak passwords are typical mistakes made by employees. According to a Verizon survey, 81% of data breaches are caused by weak, misused, or stolen passwords. However, it appears that passwords are rapidly becoming obsolete. According to Gartner, 90% of mid-sized businesses and 60% of worldwide companies will use password less authentication techniques by 2022.

IT teams confront a few obstacles when adopting password less authentication in their business. Some of them are mentioned below.

Cost and effort of deployment

Password less authentication isn’t as simple as turning a knob. Firms will need a detailed, step-by-step strategy to integrate new software or hardware and educate personnel. Developing and implementing a project and change management strategy takes time away from other jobs and critical projects.

Deploying password less authentication is also costly. If a company opts for hardware, it must purchase devices, tokens, or cards for each employee and replacements in the event of damage or loss. Although the software is a less expensive choice, other costs are to consider, such as administration, migration, and maintenance.

Security restrictions

Password less authentication is far superior to traditional password structures, yet it is not without flaws. Malware, man-in-the-browser, and other attacks are feasible even with password less authentication. Hackers can, for example, install software designed to acquire One-Time Passcodes (OTPs). They might even contaminate web browsers with Trojans to block shared data such as one-time passcodes or magic links.

Attackers have even duplicated voice recordings and other biometric elements. However, the authentication factor(s) that companies employ minimizes these threats. Merging multiple authentication factors with Multi-Factor Authentication (MFA) increases security even more.

Also Read: Cybersecurity in 2022 – Addressing the Barriers to Passwordless Authentication


There are also difficulties in completely embracing technology, particularly when it comes to the end-user. Employees have been accustomed to using usernames and passwords to access their programs for years, but this solution would end that. Employees who will utilize the authentication techniques, as well as IT security personnel who will manage it will need extensive training.

End-user skepticism

People have become set in their ways. They are used to using passwords, particularly those that are simple to remember. Changing passwords every 30 days, storing them in the browser, and using autofill to log in has become second nature. This makes it difficult to imagine a world without passwords, and many people are skeptical of their effectiveness. In addition, learning new technologies, setting up new devices, and establishing biometric authentication factors is difficult enough without having to use them for every login session.

On the other hand, enterprises have been subjected to enough cyber-attacks to realize that the status quo isn’t good enough. Even if it takes a bit longer for individuals to adopt password less authentication, the security it provides is well worth the effort.

For more such updates follow us on Google News ITsecuritywire News