In a year full of security problems and remote work, businesses are looking for ways to ensure their security. Passwordless technology is making waves, but each business must determine if it’s right for them.
Let’s face it, 2020 was a nightmare we all wish we could forget. Pandemic. Social injustice. Protests. Riots. Skyrocketing crime rates. And all during an election year. For businesses, there was even more to wish away: Security breaches, misconfigurations, hacks, leaks, digital transformation, remote work. With the landscape of technology changing and the ever-rising number of attacks, businesses are seeking new ways to protect themselves. Passwordless technology seems to be the next wave of security, but is it right for your business?
Passwords have long been a thorn in the side of sysadmins and IT departments worldwide. They are a hassle, they are hard to remember and decryption methods have rapidly evolved to allow hackers to more easily steal them. Plus, people tend to recycle passwords for websites, leading to less security for every account with the same credentials. According Gartner, 20-50% of all help desk calls are for password resets. Add in the World Economic Forum’s estimation that cybercrime costs the global economy $2.9 million every minute with around 80% of those attacks directed at passwords, and we’ve got ourselves a very big problem.
Another consideration for businesses is that threat actors use old attacks because they still work. They still work because businesses are not diligent about patching, configuration and updating security protocols. Crowdstrike recently shared a blog post on security in the agriculture industry and shared, “Five minutes after gaining access to the host …, the adversary modified the registry to implement a widely known procedure that enables credentials to be stored in clear text within memory, facilitating credential theft:
hklm\system\currentcontrolset\control\securityproviders\wdigest /v UseLogonCredential /t REG_DWORD /d 1 /F”
Enter passwordless technology. This isn’t just biometrics, although that plays a role, but includes things like YubiKeys, smart cards and USB keys. Microsoft is leading the charge with the Microsoft Intelligent Security Association (MISA). MISA is, “an ecosystem of security partners who have integrated their solutions with Microsoft to better defend against increasingly sophisticated cyber threats.” It currently has 237 member offers on its site for businesses to peruse.
This technology is relatively new, which means it’s somewhat untested in the real world. There are always risks to using any form of technology, but especially something new. As businesses ramp up security for 2021, it is important to take a hard look at passwordless technology. The benefits include employees not having to remember passwords, less calls to your help desk for password resets, and tighter security because a threat actor would have to have access to the physical key or biometrics used. It’s still not foolproof because nothing is, but if you’re not providing a password manager to your employees for internal systems so that strong passwords are generated and random, then this is a great option. Cons include loss of the physical key, duplication of the key and theft of biometric data.
Every business has its own needs and budget, so it’s important to weigh all of the options before making a decision. Passwordless technology might not be feasible for some businesses and might not be practical in others, but the majority of businesses are likely to benefit from having this type of security in place.
We always recommend that you consult an expert when considering new technology or complex technological projects. This is no different. It’s both new and complex and will have a learning curve to maintain. Don’t try to do it alone if you plan on going this route. Bring someone in, have them show you everything and educate you on how it all works. Make sure you have a solid idea of what you are getting into before making any changes and remember that you will have to train your employees on the technology as well. Security is vital to the success of every business, make sure you’re doing it right!