logo
Why you must go passwordless
20 October 2020

Why you must go passwordless

20 October 2020

Passwords are a burden on businesses and consumers. They’re expensive, insecure and difficult to manage — they must be eliminated.

Since the pandemic began, hacking and phishing threats rose by over 600%. With threats caused by compromised and weak credentials still rising by the day, one thing is clear: passwords are no longer able to fulfil the simple role they were designed for.

The problem with passwords

1. Stolen passwords are a top attack vendor

Stolen and weak passwords are one of top tools that criminals use when attempting to breach corporate networks. According to Verizon, stolen credentials and phishing attacks were the top cyberattack vendors last year, with at least eight in ten hacking incidents being tied back to compromised credentials.

2. Complex password policies are disregarded

To make matters worse, employees often disregard password policies altogether, with password sharing and reuse rampant in organizations. Unsprisingly, password sharing makes malicious actors coming across a set of company credentials extremely likely, giving them the power they need to launch large-scale attacks.

3. Password costs skyrocketing

Organizations spend millions every year in a futile attempt to bolster the password. According to the World Economic Forum, a company with just 15,000 employees will spend $5.2 million per year for password resets alone, or a shocking $346 per employee.

Research from the annual Verizon Data Breach Investigation Report 2020 found that stolen credentials and phishing attacks are still one of the top methods used by hackers to launch attacks on businesses.

There is good news: 99% of all hacks can be eliminated with multi-factor authentication — Microsoft

Yet according to a study by LastPass, only 57% percent of companies have implemented some form of multi-factor authentication.

Why are companies resisting strong authentication?

Multi-factor authentication solutions are not as widely adopted as they should be because legacy market solutions are too cumbersome on users and/or too expensive to deploy at scale. Making things even more complicated is the fact that there’s also major security red flags with some legacy multi-factor authentication solutions.

Legacy MFA solutions combine memorized secrets (passwords, PINs, secret answers), which are easily compromised, with secondary devices like (smartcards, hardware tokens or one-time codes sent via text to the user’s device).

While some MFA methods are indeed secure, others like those that rely on SMS-tokens, are not. For example, The Telegraph reports that over a five year period, UK customers lost over £9 billion in sim swapping attacks.

According to Verizon, human error is a top contributing factor to breaches and hacks.

It should go without saying that human error and diligence play a major role in the effectiveness of legacy multi-factor authentication solutions. However, how diligent can a business expect its employees and users to be when attacks are becoming ever more sophisticated, and employees are under unprecedented amounts of pressure?

A simple, secure and passwordless alternative.

Keyless provides a simple, secure and interoperable authentication solution that allows organizations to solve the trade-offs between security, privacy and convenience.

Seamless user-experience combined with powerful security

At Keyless we combine seamless authentication with unparalleled security by providing a frictionless, passwordless solution for the workforce that is multi-factor by design.

Instead of relying upon memorized secrets to authenticate users, Keyless leverages advanced biometrics to authenticate a user in mere milliseconds — and all the user has to do is look into the camera of their trusted device.

Replacing passwords with something the user is (their unique biometricsnot only greatly reduces friction during the authentication experience, but also eliminates threats caused by poor password management and human error.

Our solution is not dependent on third-party vendors, which means it can be rolled out regardless of what platform and operating systems are being used, or what device a user owns.

Multi-factor by design

By leveraging the user’s device as a built-in second factor, Keyless provides seamless multi-factor authentication without the user needing to remember anything or carry additional devices (hard tokens, smart cards) with them.

The 3 authentication factors — knowledge (something you know), possession (something you have), inherence (something you are).

Unparalleled privacy

Keyless is the only biometric, passwordless solution that combines the security of distributed systems with privacy-enhancing technology to store and process authentication data.

Keyless builds upon novel cryptographic techniques that allow our network to compare encrypted biometric templates — without decrypting them — in a matter of milliseconds. Because templates are never decrypted, they can be safely stored in the cloud where no personal information about the user can be extracted.

Storing encrypted, biometric data on our distributed network ensures that sensitive information is never stored on a user’s device, where there is risk of it being linked to a user’s identity if the device is lost or stolen.

Universal solutions for a global workforce

True privacy, security and convenience can only be achieved with universal solutions that work from anywhere in the world, on any device, at any time.

Our biometric multi-factor authentication solutions can be quickly integrated and deployed to a globally distributed workforce to enhance security and privacy — no matter what devices or operating systems employees use on their personal devices.

To ensure seamless and fast deployment, Keyless is designed to integrate seamlessly with existing identity management systems like ForgeRock, Okta and Ping Identity.

Since Keyless Solutions are device-agnostic and designed to integrate with existing systems, companies can save on costly and unnecessary overhauls to their current security infrastructure — meaning they can offer strong authentication quickly, at an affordable cost.

Passwordless is just the beginning

Our privacy-enhancing biometric authentication solutions for the workforce have the power to transform the authentication experience for the better, whether online or in the real world.

Businesses cannot only eliminate the vast majority of cyberthreats with Keyless — including 99.9% of all hacking and phishing attacks — they can also enhance how employees and users interact with digital services. Thanks to the seamlessness and security of biometrics, businesses can start to close the gap between security, privacy and usability, thus making the internet, and by extension the world, a far safer place.

Want to learn more about our workforce authentication solutions? View our one-pager!

. . .

Request a Free Demo of Keyless

Keyless™ authentication can help deliver secure and seamless digital experiences for your end-users and for your increasingly remote workforce.

Head to our website to learn more about our biometric authentication and identity management solutions.

www.keyless.io

Alternatively, you can email us directly at info@keyless.io

Get In Touch

Find out how our private-by-design MFA can help your organization prevent ATOs, improve UX, and protect your bottom line.