Passwords have been a constant throughout our digital “coming of age”. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources. Passwords are so deeply ingrained into our web apps and accounts, it can be challenging to imagine operating without them.
The hard truth about coming of age, however, is there are some constants that you simply outgrow. Times change, and keeping afloat means adapting to them. Information security in the modern enterprise is no exception to this—you only need to read the latest data breach headline to realize the cyber world is a harsher place now than in the early days of the internet. That 81% of these data breaches involve stolen or weak passwords is a clear sign—to grow along with the digital age, we must leave passwords behind.
Earlier this year, we wrote a post to say that it’s finally time to say goodbye to passwords. Now, users, whether they realize it or not, may be ready to do so. Consider these findings from a joint report between Opus Research, Mastercard, and The University of Oxford:
- Users have up to 90 online accounts
- 51% of passwords are used at least twice by a given user
- 21% forget passwords two weeks after creation
- 25% of users forget at least one password per day
It’s easy to see how this negatively impacts the workplace. Users forgetting passwords on a regular basis add up to a lot of time spent frozen out of their accounts—and lost productivity. IT, meanwhile, has to devote hours of time to dealing with password resets at the expense of more pressing initiatives.
Passwords are the cause of these everyday disruptions. Here’s how the workplace could look without them.
Secure access guaranteed, from anywhere, at any time
Passwords are far from the best authentication factor to protect your accounts. Passwords as a form of security are based on what the user knows, which makes them too easy for users to forget—and for hackers to get ahold of. The issue here is that password-protected devices, networks, and systems have no way of knowing whether the right person has entered that password. They respond only to the correct credentials, not the correct context. IT admins can use contextual access management to cut passwords out of the workplace with Okta Adaptive MFA. They can design their organization’s security policies to define what login contexts are considered irregular or not, and can choose to implement a range of authentication factors to replace passwords, like mobile authenticator apps like Okta Verify or U2F tokens.
This also improves the user experience. Users want to work remotely from the device and network of their choice, and IT can make sure they can do so securely by evaluating the device, location, and network they use to gain access.
Let’s take Jane, for example. Most of the time she works in her office in Los Angeles, occasionally from a local cafe next door. These locations and networks have been defined as safe by her IT admins, so all she needs to do to gain access to her work systems is tap a push notification sent to her phone—it’s access made easy.
However, now she’s flying to Manila for a week-long business trip. She hasn’t been before, and tries to connect to her work system in the hotel. Because this is such an unprecedented access request, her IT admins prompt her to login via biometrics on Okta Verify. Jane receives her access, and the system now knows that her hotel network in Manila is a safe and verified location. Moving forward, she can log in without an additional authentication step for the rest of the week, allowing her faster access to the files she needs to prepare for her presentation.
When it comes to sharpening the enterprise, there’s no such thing as a silver bullet—threats will always evolve, and processes can always improve. However, with the solutions in place to authenticate the identity every user, a passwordless workplace could be anywhere in the world.
Inspired to go passwordless? Find out how by reading our whitepaper, How to Go Passwordless with Okta.