COVID-19 crisis emphasizes importance of a passwordless future, WEF says
Dependency on the internet, digital infrastructures and remote work amid the coronavirus outbreak has created a perfect opportunity for online criminal activity to increase, warns the World Economic Forum (WEF). As criminals have been successfully manipulating COVID-19-related information to launch attacks, the organization points out there is no better time than the present to get rid of passwords and go passwordless with technologies like biometrics to verify user identity.
By adopting technologies such as biometrics, behavior analytics and device attributes, passwords, usernames, SMS and other less secure methods could be phased out. Passwordless authentication reduces security risks and the risk of compromised credentials, the organization explains.
According to a recent World Economic Forum report, implementing a passwordless strategy would boost security, as companies would be less exposed to data breaches, and reduce business costs caused by password management and data breaches. It could also enable digital transformation by reducing friction and improving regulatory compliance, and increase the usability of biometrics, for example, which could be used to log in to other systems and products.
To deploy passwordless authentication across an entire company, businesses have to make sure they can remove passwords and credential-based solutions completely and integrate the strategy with all interfaces and systems. This could allow authentication that supports protocols such as Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) for exchanging authentication data.
WEF names five key areas where companies could start implementing passwordless technology: VPN and remote access, where static credentials could be removed; contact and information technology, by getting rid of password resets and account lockouts; remote desktop and virtual desktop infrastructure (VDI); customer identity and access management; and critical applications.
Password and credential theft has ranked as a top vulnerability, which has turned addressing it into a critical component of any corporate policy to secure digital infrastructures and reduce risks. Methods such as two-factor authentication (2FA), which uses SMS, one-time passwords (OTPs) and hardware tokens, do not increase security because they are layers on top of an existing system based on usernames and passwords.
Onfido is the latest biometric company to join WEF’s efforts to develop a passwordless future.
This month, WEF published a white paper describing in detail its proposed biometrics-backed paperless international travel concept, called Known Traveller Digital Identity, a limited pilot project involving travel between Canada and the Netherlands.