Organisations are starting to recognise the inherent weakness in their security that a decades-old over reliance on passwords brings.
Today, many of us have access to over 50 online accounts at any one time, whether in the workplace, with utilities, banking, entertainment, forums, social media and more. Each in turn requiring its own unique, complex and non-sequential passwords or phrase. If that wasn’t tough enough, we require different special characters, varying lengths and we need to change many of them every 45-90 days. With 80% of breaches down to this over-reliance, a huge global rise in variants of phishing aimed squarely at exploiting this, and the cost of data breaches rising now to nearly £3m, over £100 for each and every data record stolen, now is the time to make that change.
With an increase in businesses using Bring Your Own Devices and access to data with cloud services it’s vital we evolve beyond Passwords.
Password less solutions such as Windows Hello, Security keys and Microsoft Authenticator are a great step to begin preparing your organisation to eliminate passwords and reducing IT troubleshooting time.
Bio-metric technology improves security and safeguards user privacy
The goal of user authentication protocols, including passwords, is to verify user identity. But just because a user knows a password doesn’t mean they are the person they claim to be. In fact, 81 percent of breaches leverage stolen or compromised passwords. Passwords are not unique identifiers.
To improve security, we need a better way to uniquely identify users. This is where bio-metrics come in. Your iris, fingerprint, and face are unique to you—nobody else has the same fingerprint, for example. Password less solutions, like Windows Hello, rely on bio-metrics instead of passwords because bio-metrics are better at accurately identifying a user.
Bio-metrics, like other personal identifying information (PII), may raise privacy concerns. Some people worry that technology companies will collect PII and make it available to other entities. Or that their bio-metric image might get stolen. That’s why Microsoft and other security companies in the Fast IDentity Online (FIDO) Alliance developed the FIDO2 standard to raise the bar for securing credentials. Rest assured, Microsoft uses FIDO2-compliant technology that does NOT view, store, or transfer ANY bio-metric images.
Improve security, reduce costs, and increase productivity
To help you think about the costs associated with passwords, we’ll share some numbers from Microsoft’s own experience rolling out password less to its users. After about a year since Microsoft began this journey, most users don’t use a password to authenticate to corporate systems, resources, and applications. The company is better protected, but it has also reduced costs.
Passwords are expensive because users frequently forget them. For every password reset Microsoft incurs, soft costs are associated with the productivity lost while a user can’t sign in. The company also incurs hard costs for every hour a Help desk administrator spends helping a Microsoft user reset their password.
Microsoft estimated the following costs before rolling out password less to its employees:
- $3 million a year in hard costs.
- $6 million a year in lost productivity.
As of today, Microsoft has achieved the following benefits from its password less roll out:
- Reduced hard and soft costs by 87 percent.
- As Microsoft costs go down, attackers’ costs go up, so the company is less of a target.
Microsoft password less solutions include Windows Hello, the Microsoft Authenticator app, and FIDO2 security keys from Centrality can help you accomplish the following:
- Stronger security.
- Reduced costs over time.
- Increased attacker costs.
- More productive users.
To discover more about Microsoft password less solutions get in touch.