Passwordless authentication methods have been widely spoken about across the cybersecurity and tech industry for years. Offering both hope and fear, a passwordless future has felt imminent for some time. However, an S&P Market Intelligence report report released this week by Keeper Security released a S&P Market Intelligence report has demonstrated that username-password combinations are still the most widely deployed form of authentication deployed in organisations (58%). The next most popular forms of authentication are mobile push-based MFA (47%), SMS based MFA (40%) and biometrics (31%).
“Passwords continue to reign supreme as organisations struggle to balance security with simplicity, cost of ownership and flexibility– particularly in hybrid working environments,” said Darren Guccione, CEO and Co-Founder of Keeper Security. “SSO and passwordless authentication– although effective– are not universally supported, and therefore, create security holes that leave organisations vulnerable. It is crucial for organisations still relying on the password and username combination, or a hybrid model of passwords and passwordless technologies, to ensure they are managed appropriately and securely.”
The S&P Market Intelligence Business Impact Brief indicates that the widespread use of username-password combinations requires organisations to have comprehensive password management policies in order to ensure employee password practices are as secure as possible. Password managers make it easier for both IT administrators and end users to create, rotate and store passwords, as well as 2FA and MFA codes. In fact, many organisations use a combination of multiple authentication factors to complement password and username combinations, making this integration even more of a necessity.
Largely due to momentum of the Fast Identity Online (FIDO) Alliance, passkeys as a form of passwordless authentication are gaining traction with support from Apple, Microsoft and Google. Passkeys are passwordless credentials that make it substantially easier for consumers to adopt FIDO-based authenticators. However, in terms of enterprise adoption, passkeys are still in the very early stages.
“While passkeys present enticing security benefits, websites have been slow to support them for a variety of reasons. With more than a billion websites in existence, there is a long path ahead for any passwordless option to become ubiquitous,” said Guccione. “As password and username combinations will remain a key part of the enterprise landscape for the foreseeable future, password management solutions that integrate and support a wide range of authentication methods, whilst ensuring security and cyber hygiene, will be important for all organisations to boost cyber resilience.”
Earlier this year, the IT Security Guru spoke to experts about the past, present and future of passwords. Read what they had to say here.
The full report can be downloaded here.