The End of Passwords as a Powerful Tool for Improving Security

By Ghassan Dreibi, Cybersecurity Director at Cisco Latin America

In the midst of the constant interactions we all have with applications, services and data on the Internet using online accounts, digital security is an important pillar of support. A breach of this virtual information can result in serious real-world consequences such as financial theft, business interruption or damage to privacy. In other words, digitization without security is nonsense, and even if passwords are an important layer of protection for digital assets, they are no longer enough.

According to Verizon’s second annual data breach research study (2021) for 61% of virtual crimes, especially ransomware, weak or reused passwords were used, and Multi-Factor Authentication (MFA) acts as an additional layer of security, minimizing invasions and validating the identity of users.

Password-less authentication is a fundamental starting point for making viable the zero trust architecture, a strategic initiative that has «never trust, always verify» as its core principle, and is a resource that enterprises are already looking to a lot. Globally, more than half of IT decision-makers plan to implement a passwordless strategy in their organizations according to Cisco’s Duo Security Report (2021).

Multifactor authentication has proven to be the most secure and convenient alternative, as it is demanded by individuals, end users, as well as organizations and their direct and indirect employees. MFA is achieved when the system validates an identity using two or more actors, where neither includes something the user already knows (a password or PIN code), and with something the user has such as a token or fingerprint. This ensures that the user is who they claim to be and therefore improves security, simplifies authentication and reduces frustration, as people are not required to create, store or remember passwords.

For companies of different sizes that wish to follow this revolutionary digital security path with MFA, here are some important steps to take into account:

● Perform a census of all users and devices or at least a relevant part of them.

● Obtain from this census a centralized and complete database.

● Integrate the database in a cloud with the possibility of having a backup copy (back up).

And finally, define the MFA solution to be used, preferably adopting one tool for all applications.

These steps expand the use of multi-factor authentication solutions, evaluate the elimination of passwords for strong authentication and increase the number of people using zero trust architecture, ensuring that users are constantly validated.

Therefore, the benefits of passwordless authentication are undeniable and result in a higher level of security as well as reduced IT time and costs. According to the Gartner Group, each year, 20-50% of calls to IT from U.S. companies are related to passwords, such as password reset requests. The estimated cost of this support exceeds $1 million annually in the U.S. according to Forrester.

Passwordless authentication thus enhances the user experience, as users begin to access applications with a tap or a glance and perform their online interactions and transactions more securely by strengthening trust in authentication, a critical step in establishing a zero trust architecture.

In addition, it enables a quick switch to mobile or cloud, ensuring that users can work remotely, increasing productivity and driving business agility. In other words, MFA is a good choice for everyone.