Why go passwordless?


Passwords continue to rule our lives. By now you know the rules and inspirations for typical passwords: eight to sixteen characters (yes, in some cases that long!), alphanumeric, special characters, our pet’s name, our favourite colour, our mother’s maiden name. Oh, and change them every 30 to 90 days.

And that’s just for setting one password. Think about how many times you’ve just added a character here and there to change it up from one service to the next, because how in this world will you remember all those minute differences for each account? And on top of the personal accounts we need to manage, we’re also charged with setting and maintaining passwords for professional resources as well. It’s a mess.

From a user convenience angle, managing all these different instances of passwords creates a lot of friction. For larger businesses, it’s estimated that nearly 50 percent of IT help desk costs are allocated to password resets – that can amount to more than $1 million in staffing just to help your team reset their passwords.

It’d be one thing if passwords were costly but got the job done and kept out the bad guys. But they don’t! Passwords are expensive and continue to be the #1 attack vector and cause of breaches. Stolen and compromised passwords continue to be the top way that malicious users get into accounts – including in major hacks like the SolarWinds breach. For organisations, using passwords tends to create weaker security, more friction, and a higher total cost of ownership. It’s lose-lose-lose.

Those baseline password woes were exacerbated by a crazy 2020 and the major shift to a remote workforce. In some cases, organisations had to rush out remote work resources virtually overnight, accelerating their digital transformation initiatives. Today, enterprises are looking for ways to enable their workforce for permanent remote work by providing a secure means to log in to their workstations. And they need to find a way that’s not only frictionless but also boosts productivity. They need to go passwordless.

There are various solutions that offer passwordless ways to get into your Windows machines and web and SaaS-based applications by using FIDO2 (Fast Identity Online) Security Keys.

This capability adds multifactor authentication (MFA) to workstation logins, using FIDO2 as a hardware authenticator, and meets the high assurance levels required for proving compliance, without impacting user convenience.

FIDO2 security keys provide stronger defences against phishing and man-in-the-middle (MitM) attacks. Windows login with a FIDO2 security key as a strong form factor adds multiple layers of security, including a FIDO2 security key PIN which unlocks the key itself. These logins also require that the user taps the key to make sure a human is using it – and not malware acting on behalf of the attacker. By adding more layers, these solutions make it harder for the bad guys to get where they shouldn’t.
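To make those layers concrete, here is an added example (not code from any vendor or product named on this page) of how a service receiving a FIDO2/WebAuthn login can check them in the authenticator data the key returns: the tap shows up as the User Present flag, the PIN as the User Verified flag, and the phishing defence as a hash of the site identity the key signed for. The function names, the `login.example.test` identity and the sample bytes are constructed for illustration, and verifying the key's signature over this data is assumed to happen separately.

```python
import hashlib
import struct

FLAG_UP = 0x01  # User Present: someone physically touched the key
FLAG_UV = 0x04  # User Verified: the key was unlocked with its PIN (or a biometric)


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed header: rpIdHash (32 bytes) | flags (1) | signCount (4)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "sign_count": sign_count,
    }


def check_assertion(auth_data: bytes, expected_rp_id: str) -> list:
    """Return a list of policy failures; an empty list means every layer passed."""
    data = parse_authenticator_data(auth_data)
    failures = []
    # The key hashes the identity of the site it is talking to. A look-alike
    # phishing site produces a different hash, so its assertion is rejected here.
    if data["rp_id_hash"] != hashlib.sha256(expected_rp_id.encode()).digest():
        failures.append("rp_id_mismatch")
    if not data["user_present"]:
        failures.append("no_user_presence")      # nobody tapped the key
    if not data["user_verified"]:
        failures.append("no_user_verification")  # the PIN was not entered
    return failures


def make_sample(rp_id: str, flags: int, count: int) -> bytes:
    """Build constructed sample data (not captured from a real key)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", count)


if __name__ == "__main__":
    genuine = make_sample("login.example.test", FLAG_UP | FLAG_UV, 7)
    lookalike = make_sample("login.examp1e.test", FLAG_UP | FLAG_UV, 7)
    print(check_assertion(genuine, "login.example.test"))
    print(check_assertion(lookalike, "login.example.test"))
```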

Whatever approach your organisation takes, look for trusted vendors with proven passwordless technologies. Passwords rule our lives, but we can – and should – change that. Let us show you how.

C4 Secure, based in Northamptonshire, offers true passwordless solutions from RSA, the leading identity authentication solution. Our experts have many years’ experience in guiding and advising clients to achieve a smooth path towards ensuring users’ identities are measured and safeguarded. We also provide assistance for organisations to gain Cyber Essentials accreditation and to bolster GDPR compliance. Contact the team on 01604 439303 – they’re waiting to help.