Enterprises continue to leverage antiquated, ineffective, and unsecure password-based authentication controls, which reduce workforce productivity, create negative user experiences, and damage business reputations. A recent IDG report found that 6 in 10 employees are disrupted, irritated, frustrated and waste time on passwords. Plus, passwords are time-consuming and costly to manage.
Despite these pitfalls, many organizations are still apprehensive about moving beyond traditional password controls, which is shocking to me. That’s why MobileIron sponsored a research report, “Passwordless Authentication: Bridging the Gap Between High-Security and Low-Friction Identity Management,” by Enterprise Management Associates (EMA). We wanted to identify the requirements, challenges, value, and optimal approaches to introducing passwordless authentication solutions.
EMA looked at a wave of technologies – including device authentication, software and hardware tokens, authentication keys, biometrics, behavioral analysis, certificates, and other approaches – that have emerged to provide alternatives to traditional password-based login processes. EMA also looked at single sign-on solutions, which have been broadly adopted to substantially reduce the number of authentication processes that need to be initiated but still use passwords.
Given the pervasiveness and love affair we all seem to have with mobile, it’s not surprising that the EMA research report revealed that enabling mobile device authentication with biometric-based access creates a “best of both worlds” for ease of use by anyone, yet high-security required by IT, resulting in improved user productivity. EMA’s research results also indicated there is a particular opportunity for platforms that utilize low-friction access technologies.
The report noted, “If platforms are adopted that utilize low-friction access technologies (such as biometrics), organizations will be able to implement a solution that leverages existing resources without incurring substantial deployment efforts or related costs. Once authenticated, the mobile device (most likely a smartphone) becomes the primary user identifier for the vast majority of access transactions. Should a reauthentication be required—for instance, as part of a step-up multifactor authentication processes—biometric authentication technologies will require little, if any, effort on the part of the users. Additionally, the management of access policies governing mobile device authentication solutions will be centrally controlled by the organizations. Thus, businesses maintain control over access processes without burdening users with high-friction authentication requirements.”
Key findings that point to a shift in adoption of passwordless authentication:
- There is a direct correlation between the number of times a user authenticates and the number of user access problems that need to be addressed.
- 84% of organizations plan to adopt new authentication solutions within the next two years.
- Half of respondents believe passwordless approaches to authentication are more secure than passwords.
- Mobile device authentication solutions were determined to be the easiest of all identity management technologies to deploy, while one-time passwords were indicated to be the most challenging.
These findings are in line with another survey that MobileIron recently conducted with IDG, which found that almost nine-in-ten (89%) security leaders believe that in the near future, mobile devices will serve as your digital ID to access enterprise services and data.
The IDG report also revealed that enterprise users and security professionals alike are frustrated by the inefficiency and lax security of passwords for user authentication. Ninety percent of security pros reported to have seen unauthorized access attempts as a result of stolen credentials. Security leaders also estimated that they could reduce their risk of breach by almost half by eliminating passwords.
Clearly, it’s well past time for all organizations to start replacing passwords with a secure and frictionless alternative. That’s why MobileIron recently introduced the industry’s first mobile-centric, zero trust security platform. It allows for continuous enforcement and protection of data, both on the device and on the network, with comprehensive correlation between the critical signals for zero trust: user, device, apps, networks, and threats. It also includes a revolutionary zero sign-on experience built on MobileIron’s leading unified endpoint management (UEM) platform and powered by the MobileIron Access solution.
To learn more about how you can make the world’s most ubiquitous product – the mobile device – your ID and secure access to the enterprise, visit here.