Onfido joins World Economic Forum in push for passwordless future
According to the whitepaper Passwordless Authentication: The next breakthrough in secure digital transformation, which was presented at the event in Davos, cybercrime will cost $2.9 million every minute in 2020, while 80 percent of breaches will be caused by poor or stolen passwords. In 2019, the average global cost of a data breach was $3.92 million, up 1.5 percent from 2018.
With passwords no longer being a robust security measure, passwordless technologies such as biometrics, behavioral analytics, zero-knowledge proofs, QR codes and security keys could solve the problem.
With the average business user managing more than 191 pairs of usernames and passwords, consumers are likely to use the same password for multiple accounts, rather than remembering a unique, complex password for each online account.
Onfido’s Director of Policy, Parker Crockford, explained in a WEF Agenda blog post that knowledge-based authentication such as PINs, passwords, passphrases, and other information the user has to remember is not the solution. Weak or stolen authentication credentials, he writes, are the cause of most data breaches.
The World Economic Forum pushes for a passwordless future, arguing employees would then be more productive, automatically generating higher revenue. Discarding passwords would also lead to lower costs in case of data breaches.
Onfido claims each employee spends some 11 hours per year entering or resetting passwords, and for a business with 15,000 employees, it would generate a $5.2 million loss. IT departments and call centers waste approximately 2.5 months resetting internal passwords, with an estimated cost for anywhere between $30 to $70 per reset.
A passwordless environment, WEF says, would deliver better user experience. As many as 86 percent of customers would pay a premium if they were guaranteed a better user experience.
A leading passwordless advocate is the FIDO Alliance, whose open standards for passwordless authentication to online and mobile services have encouraged interoperability. In partnership with the World Wide Web Consortium (W3C), it developed FIDO2, which became a web standard in March 2019.
WEF believes passwordless solutions would provide more robust security and would significantly reduce the number of data breaches.
Onfido is committed to further working with the World Economic Forum, FIDO Alliance and DID Alliance to promote a passwordless future and develop technology and guidelines to reduce the need for passwords. The company has recently completed the Service Organisation 2 (SOC 2), Type 2 certification which confirms the company’s commitment to protect customer data and privacy.
Both international companies and regulatory bodies are invited to participate in the discussion by joining the Forum’s Platform for Shaping the Future of Cybersecurity and Digital Trust or the Identity Verification and Binding Working Group.