How Device Biometrics and WebAuthn Ended Passwords
by Taira Sabo
For years, businesses and consumers have suffered due to passwords and their frustrating consequences. There have been no real alternatives, only solutions that can best be described as patches to a very slow leak. But the time has come when we can finally break up with passwords once and for all, thanks to two developments that have allowed us to move to passwordless authentication: usable biometrics and WebAuthn.
In this article, we’ll look at the journey of biometrics, dive into how biometrics and WebAuthn enable passwordless authentication and discover the passwordless authentication service that started it all.
The start of usable device biometrics
More than seventy years ago, passwords were first implemented to authenticate users on a local machine. Since that time, they have evolved very little. The entire identity market is based on the password, and everything that was developed up until modern biometric authentication was designed to minimize the holes passwords left open. Passwords are inherently insecure, which is why authentication policies, ATO detection and single sign-on were developed.
So what is it that signaled the end of the password regime? Usable device biometrics. In 2013 Apple introduced TouchID for the first time. This wasn’t the first time that device biometrics had been introduced to the market: IBM and Samsung had device fingerprint readers long before Apple. However, what Apple managed to achieve when it launched TouchID was usable device biometrics. Before that, incorporating device biometrics into everyday life was hard and clunky.
But everything changed after TouchID. From the moment it was introduced, it was clear that TouchID would be significantly easier for end-users than any other method of authentication.
The launch of Apple’s TouchID paved the way for the entire authentication industry. The sheer number of devices manufactured today with built-in biometric readers demonstrates a dramatic shift in authentication.
WebAuthn brings it all together
The other major player in finalizing the end of passwords is WebAuthn. This API allows servers to register and authenticate users using public-key cryptography instead of a password. Thanks to WebAuthn, web applications can actually use and benefit from device biometrics. All the major browser vendors support WebAuthn today, which is again proof that this is the way forward.
Combined with readily accessible device biometrics, WebAuthn has ushered in the end of the password regime.
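The register-then-authenticate flow described above, as an added example that is not part of the original article or any vendor's code: it simulates the authenticator with Node's crypto module instead of the browser's WebAuthn API, and shows the checks a server runs on a login assertion while storing only a public key. The relying-party values (example.com), the function names and the simplified counter handling are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Constructed relying-party values (assumptions for this example).
const RP_ID = 'example.com';
const ORIGIN = 'https://example.com';
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Device side: the private key never leaves the authenticator.
function createCredential() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, privateKey, signCount: 0 };
}

// Device + browser side: sign authenticatorData || SHA-256(clientDataJSON).
function getAssertion(cred, challenge, origin, userVerified = true) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(++cred.signCount);
  const flags = Buffer.from([userVerified ? 0x05 : 0x01]); // UP = 0x01, UV = 0x04
  const rpIdHash = sha256(new URL(origin).hostname);
  const authenticatorData = Buffer.concat([rpIdHash, flags, counter]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, cred.privateKey) };
}

// Server side: stores only the public key and the last signature counter.
function verifyAssertion(stored, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authenticatorData[32] & 0x04) === 0) return 'user not verified';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, stored.publicKey, a.signature)) return 'bad signature';
  const count = a.authenticatorData.readUInt32BE(33);
  if (count <= stored.signCount) return 'counter did not increase';
  stored.signCount = count;
  return 'ok';
}

// Register once, then log in with a fresh server challenge.
function demo() {
  const cred = createCredential();
  const stored = { publicKey: cred.publicKey, signCount: 0 };
  const challenge = crypto.randomBytes(32);
  return verifyAssertion(stored, challenge, getAssertion(cred, challenge, ORIGIN));
}
```

The user-verified flag is where the device biometric enters the protocol: the server never sees the fingerprint or face data, only a signed statement that the authenticator checked the user locally.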
The problem with passwords
The death of the password is a great step forward for better security, but there’s more to it. Consumers are not as concerned with security as vendors are. Rather, customers are on the hunt for authentication that’s easy and effortless. Unfortunately, customers resort to unhygienic practices such as password reuse and password sharing as a way to cope with remembering cumbersome passwords.
What organizations may not realize is that passwords also have a negative impact on business. This can be seen in the following ways:
Directly hits top-line revenues
Inflicts additional pain that leads to cart abandonment
Causes unnecessary frustration and friction which leads to identity attrition
Negatively affects customer experience and loyalty
By eliminating passwords and implementing a passwordless solution, businesses can effortlessly authenticate customers while reducing all forms of friction and identity attrition.
The Identity Experience Company
Given the current state of authentication, Transmit Security set out to create a passwordless authentication service that would provide organizations with an easy-to-integrate, omnichannel authentication experience.
“Passwordless authentication marks the end of an era. No more multiple IDs and credentials needed for each website. No more password resets and locked accounts. For the first time ever, customers can authenticate using biometrics using just their mobile device. Transmit Security makes Customer Identity and Access Management simple, unified and much more secure.”
Mickey Boodaei, CEO and Co-Founder Transmit Security
Only Transmit Security passwordless authentication provides a completely organic and password-free customer login experience. The development of this technology represents a dramatic leap forward in the industry, with improvements in both customer experience and security.
As a content writer for Transmit Security, Taira specializes in discovering and sharing trends and insights in the identity security industry. Her experience in various marketing and content roles in high tech gives her a unique perspective on content creation. Previously, Taira served as blog manager at leading website builder platform, Wix.com.