4 Changes in 2021 That Made Passwordless Mission Critical
We can safely predict most year-end reviews of 2021 will focus on Covid-19 variants, vaccines, ransomware, inflation and supply chain disruptions. Rightfully so. But the world will also look back on 2021 as a pivotal year when the main events accelerated digital transformation at an unprecedented rate. Case in point: passwordless authentication gained a jolt of momentum with investors pouring $3.2B into identity innovation.
In this retrospective, we’ll examine changes in 2021 that pushed the modernization of customer authentication and transformation to passwordless to the top of the priority list for 2022. Evolving customer expectations, skyrocketing fraud and shrinking profits are key motivators for companies needing to stay competitive. Many factors are at play, but here I’ll cover the four change agents that are most compelling.
As we entered 2021, grocery delivery services, digital banking, QR code restaurant menus and contact-free payments had become the ‘new normal.’ When the U.S. reached 200 million vaccinations, many speculated whether our new habits would continue. The short answer is, “Yes.” When it comes to ecommerce, however, the murky truth falls into a gray zone between increased web activity and supply chain delays.
How is this relevant to passwordless authentication? Companies need to recoup lost revenue, and passwordless can do this quickly. First, replacing passwords, an obstacle to online sales, will attract more customers who prefer the speed, ease and security of using fingerprint or facial ID. When you eliminate passwords, you’ll also reduce cart abandonment and support costs associated with account lockouts and recovery. Most notably, you’ll prevent fraud, which brings me to my next point…
2. Ransomware and identity fraud went through the roof
2021 started amid grand revelations of the SolarWinds attack and its far-reaching effects. News of cyberattacks kept rolling in from there. Colonial Pipeline and JBS Foods paid millions in ransom payments via bitcoin, making it nearly impossible to trace. And all three of these attacks started with cracked or stolen login credentials.
Ransomware also hit tech companies Acer, Quanta and Kaseya. In each case, hacker group REvil demanded $50-70M. In the world of finance, ransomware payments by banks and fintech reached an all-time high, topping $590M in the first half of the year, according to the U.S. Department of Treasury.
Run-of-the-mill account takeover (ATO) attacks are also on the rise. We don’t have 2021 tallies yet, but ATOs in 2020 cost $16 billion in losses — a 300% jump in a single year. A contributing factor is that most ATOs are automated by bots that churn through thousands of credential combinations by the minute. Hackers can take over customer accounts with very little effort and risk. If it’s a transactional account, the attacker can inflict serious financial damage before anyone notices.
Perpetuating the problem, stolen credentials and personal data are bought and sold on the dark web every day. In April we learned of a Facebook hack that leaked the data of 533 million users. Soon after that, a LinkedIn data dump exposed 700 million users, including usernames and profile URLs. That’s half a credential combo plus clues hackers can use to guess passwords and take over accounts.
With staggering financial losses at stake, companies are more motivated than ever to eliminate passwords. This single change could stop 81% of attacks — the percentage of threats that start with a username and password. With biometric authentication, we can validate user identities with confidence. Fingerprint and facial recognition solve the problem of weak security with one easy-to-use solution.
3. Passwordless has grown in popularity
Throughout the pandemic we’ve been reminded that tackling big problems requires us to work together across industries on a global scale. Making the shift from antiquated password-based logins calls for an equal amount of collaborative effort.
The FIDO Alliance has spearheaded this mission for years, and as a board member, Transmit Security is honored to work alongside industry giants, including Google, Apple and Microsoft. These three companies in particular deserve credit for raising awareness and demand as they’ve rolled out passwordless login options over the past two years.
As another step forward, FIDO released the first set of UX guidelines this year to smooth the transition to passwordless authentication. The toolkit gives service providers an implementation path that simplifies biometric authentication deployments.
FIDO’s guidelines also give companies a roadmap for building consumer confidence in passwordless. To increase adoption, end users need to know their biometrics are not handled like passwords and cannot be stolen by brute force, credential stuffing, phishing or even man-in-the-middle attacks. Most users simply want to know their biometrics are safe, their accounts are more secure, and it’s a far better user experience.
4. Customers are demanding easier experiences
As more of us worked from home, we ‘lived’ online. In the process, we all became connoisseurs of the digital experience, refining our preferences with every click and swipe. Somewhere along the way, we encountered something better, a simple experience that felt liberating. Naturally, customers gravitate to fast and easy access, whether making a bank deposit, scheduling an appointment or ordering pizza.
In the same way that we saw the collapse of the workplace as a physical office, we’re seeing other structures and barriers dissolve. Consumers now want the freedom to move about in the digital world as they please. They want to be able to switch between devices, browsers and apps without complications.
Consumers are also tired of one-time passcodes, password resets and lockouts. Instead of going through an account recovery process, they’re more likely to leave a site, ditch their cart and find another place to do business. They’ll seek instant gratification until they find it. Service providers must give customers speed and efficiency to move across channels with minimal effort — or expect to lose business to competitors that do.
For too long we’ve talked about passwordless as the ‘future’ of authentication. But the time is now. In 2021 passwordless entered the spotlight as the solution of choice, solving monumental security challenges and new expectations for easy digital experiences.
Even after the pandemic ends, the digital transformation will have lasting effects. We’ve seen rapid adoption of new innovations and changes in how we use technology. Mobile devices have become authenticators, proof of identity and digital wallets. Many U.S. states now offer QR codes, apps and portals to make digital vaccine cards accessible to the masses. You can even check into a hotel room without stopping at the front desk, thanks to keyless room access with a mobile device.
In 2004, the same year the U.S. launched the National Cyber Alert System, Brooks launched her career with one of the largest cybersecurity companies in the world. With a voracious curiosity and a determination to shed light on a shadowy underworld, she's been researching and writing about enterprise security ever since. Her interest in helping companies mitigate deceptive threats and solve complex security challenges still runs deep.