With weak or stolen passwords accounting for an average of four out of five global data breaches, a new study has said it is safer not to have a password. The new report released by the World Economic Forum, here during its 2020 annual meeting, said that freeing ourselves of passwords will actually make individuals safer and businesses more efficient.
Cybercrime is set to cost the global economy USD 2.9 million every minute in 2020, and some 80 per cent of these attacks are password-related.
Knowledge-based authentication – whether with PINs, passwords, passphrases, or whatever we need to remember – is not only a major headache for users, it is costly to maintain, the study found.
For larger businesses, it is estimated that nearly 50 per cent of IT help desk costs are allocated to password resets, with average annual spend for companies now at over USD 1 million for staffing alone.
"Passwordless authentication does not mean removing all security barriers to our digitalized society. It means harnessing tools such as artificial intelligence and machine learning to save users time and save company money," the WEF said.
“With the growing availability of biometrics and next-generation technology, consumers are demanding a better digital experience while wanting to be secure online," said Adrien Ogee, Project Lead, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum. “Better authentication practices are not just possible they are a necessity.”
The report, produced in collaboration with the FIDO Alliance, has suggested five top passwordless authentication technologies, ready for implementation by global companies. They are biometrics, behavioural analytics, zero-knowledge proofs, QR codes and security keys.
"Relying on passwords as the primary means for authentication no longer provides the security or user experience that consumers demand," said Andrew Shikiar, Executive Director and Chief Marketing Officer of the FIDO Alliance.
The path forward is with standards-based, cryptographically secure authentication that keeps login info secure and private, while providing fundamentally better user experience.