PREDICTIVE INTELLIGENCE

Passing on passwords: How to embrace the new identity era

The username and password have long been the
baseline method for protecting accounts, but for
consumers and businesses alike, they’ve become a
lose-lose. Nick Caley, Vice President, UK and Ireland,
ForgeRock, explains why.

For consumers, the tipping point passed when the number of
online accounts they held reached the hundreds,
meaning they can no longer be
expected to remember credentials for
them all. Consumers now often reuse
a single set of login details that
they can remember across accounts.
According to First Contact, 51% of
people use the same passwords for
work and personal accounts.
This jeopardises the security of every
account because they are all only as
secure as the weakest link. Recycled
passwords and usernames are leading
attack vectors used in data breaches;
the World Economic Forum (WEF) found
that four out of five breaches are caused
by weak/stolen passwords.
The scale of this problem is clear from
a range of research. Our Identity Breach
Report found that over five billion US
consumer records were breached in
2019 alone, with personally identifiable
information (PII) accounting for 98% of
all cases. With the pandemic having
forced more of our everyday lives online,
these numbers will surely only grow.
For businesses, research by Mastercard
showed that the friction introduced by
usernames and passwords can lead
to lost revenue, as a third of users
forced to recover their password will
abandon the login process altogether.
Additionally, password and username
recovery leads to higher help desk
costs; WEF estimates that the average
annual large company spend on
password resets is over US$1 million.

The foundation for passwordless, usernameless authentication has already been laid

So why the slow progress,
especially since the technology and
regulatory bedrock for passwordless
and usernameless authentication is
mostly in place?
Over the last 10 years, smartphone
manufacturers, like Apple, have paved
the way for this type of authentication
and access technology to evolve from a
vision into an everyday reality, beyond its
initial application on mobile devices. Now
software-based biometrics, which takes
advantage of the high-quality cameras
used in mobile phones, can allow for
www.intelligentciso.com | Issue 29