Why Loginless is the Future of Authentication

It’s often said that familiarity breeds contempt, but psychological research reveals quite the opposite: the more people are exposed to something, the more they tend to like it — and the more likely they are to believe that it’s trustworthy and safe.

This phenomenon may explain the persistence of the traditional username/password login box, which far too many businesses continue to rely on as their brand’s digital front door. We’re all familiar with the login box, and plenty of consumers still think that passwords are the best way to secure their online accounts and digital identities. Unfortunately, this perception is entirely false.

The reality is that guessed or stolen passwords contribute to identity theft and fraud targeting consumers on a frighteningly regular basis. In the U.K., more than six percent of residents fall victim to these crimes every year – representing a 22% increase from pre-pandemic rates. 

Password theft also plays a major role in a large number of data breaches. According to the 2021 Verizon Data Breach Report, passwords were responsible for 89% of web application breaches, either in the form of stolen credentials or because they were cracked in brute force attacks.

As digital transformation impacts nearly every aspect of our lives, we’ll conduct more and more important activities and high-value transactions online. Already we all have more user accounts — and with them, more username/password combinations — than we can possibly remember. As a result, people do what comes naturally: 86% of consumers admit that they reuse passwords at least sometimes.

As people spend more of their time and money in the digital space, their expectations for the security and privacy of their personal information are also on the rise. 92% of consumers state that they expect businesses to keep their personal data safe, and 87% say that they wouldn’t hesitate to take their business to a competitor if they felt they couldn’t trust a company to handle their data responsibly.

The onus is on today’s digital businesses: if they’re to deliver what their customers want and expect, they’ll need to find login and authentication solutions that can provide stronger security — and better customer experiences — than is possible with yesterday’s password-based approach. 

The Future is Loginless

From cashierless grocery stores to automated parking payment systems directly linked to a vehicle’s numberplate, innovative solutions that rely on new, more convenient ways of ascertaining identity are already being introduced. Eventually — perhaps as soon as the end of this decade — the old-fashioned login box will be replaced by continuous, contextual and intelligent authentication methods. Such loginless authentication solutions will be able to deliver frictionless access to trusted users, while protecting their privacy and security.

Instead of demanding that their users each type in a password, tomorrow’s loginless authentication systems will monitor people’s behavior patterns, taking notice of when, where and how they interact with an app. Should an anomaly be detected, there will be an instant security response. Otherwise, there'll be no need to sign in. 

Devices might leverage technologies like facial recognition in combination with fingertip pressure patterns on a touchscreen to verify that users are who they say they are. They might combine geolocation data with IP addresses to instantly detect when cybercriminals located halfway around the world try to hack into an account. In lieu of a password, they might identify a user through the way they type it.

This loginless future isn’t here quite yet, but many of the technologies that will pave the way towards loginless are already available for organisations to implement now. In particular, passwordless authentication makes it possible to improve both customer experience and security — building digital trust with consumers at the same time that you delight them with smooth, seamless experiences that showcase the value of your brand.

Going Passwordless

Today, new streamlined login options are gaining in popularity, and as their prevalence increases, consumers are finding the experiences they deliver to be far superior to what traditional methods could achieve. This is setting a new bar when it comes to customer expectations. As a result, analyst firm Gartner predicts that by the end of this year, digital businesses that can provide smooth and seamless identity verification journeys will be earning 10% more revenue than their less customer-focused competitors. 

Already, consumers are indicating a preference for frictionless login methods. Customers are 50% more likely to register for an online service if they can sign up with a biometric method. And 39% of UK consumers are already using passwordless or biometric authentication frequently or whenever they can.

In essence, passwordless authentication methods are those that don’t use passwords. Users can be sent a one-time link or code to enter on the site where they’re authenticating, or they can verify their identity using a biometric trait like a facial scan or fingerprint. New standards-based authentication frameworks are also available, allowing for users to authenticate simply by using a registered device to access web applications. 

Businesses that employ passwordless authentication don’t have to do so for every login. Instead, they can choose to allow passwordless logins only in low-risk situations. For high-risk logins, they can continue to require one or more strong authentication factors. For this reason, deploying multi-factor authentication (MFA) provides a solid foundation for going passwordless. MFA is a method of identity verification that requires the user to provide more than one piece of identification – like a password plus a one-time code sent via SMS to a mobile device.

An organisation might start out their journey towards passwordless by implementing MFA and adding in an assessment of risk levels when deciding whether to prompt users to confirm their identity by supplying additional, stronger authentication factors. A login coming from a new device in a new location would thus require more evidence that the user is who they say they are than one coming from a known device on a familiar network. By tying the appropriate factor to the right level of risk, you’re able to achieve both convenience and robust security.

The same principle is at work in passwordless authentication. When risks are low, the login experience is streamlined and users are offered a simpler path to the resources they need access to. But when risks are higher, additional confirmation is required. 
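The risk-to-factor mapping described above can be sketched as a small policy function. This is an added example, not Okta's code; the signal names, weights, thresholds and factor labels are all illustrative assumptions.

```python
from dataclasses import dataclass, field

# Illustrative weights and thresholds (assumptions, not product values).
WEIGHTS = {"device": 40, "network": 25, "country": 35}
LOW_RISK, HIGH_RISK = 20, 60

@dataclass(frozen=True)
class LoginContext:
    device_id: str
    network: str   # e.g. an IP prefix the login arrives from
    country: str   # from IP geolocation

@dataclass
class UserHistory:
    devices: set = field(default_factory=set)
    networks: set = field(default_factory=set)
    countries: set = field(default_factory=set)

def risk_score(ctx: LoginContext, hist: UserHistory) -> int:
    """Add a weight for every signal never seen before for this user."""
    score = 0
    if ctx.device_id not in hist.devices:
        score += WEIGHTS["device"]
    if ctx.network not in hist.networks:
        score += WEIGHTS["network"]
    if ctx.country not in hist.countries:
        score += WEIGHTS["country"]
    return score

def required_factors(ctx: LoginContext, hist: UserHistory) -> list:
    """Map the risk score to the factors the user must present."""
    score = risk_score(ctx, hist)
    device_known = ctx.device_id in hist.devices
    if score < LOW_RISK:
        return ["registered_device"]                  # passwordless path
    if score < HIGH_RISK and device_known:
        return ["registered_device", "one_time_code"]  # step-up
    # Unknown device or high score: the device itself proves nothing,
    # so fall back to full MFA. An empty history also lands here.
    return ["password", "one_time_code"]

if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    hist = UserHistory({"laptop-1"}, {"203.0.113.0/24"}, {"GB"})
    for ctx in (LoginContext("laptop-1", "203.0.113.0/24", "GB"),
                LoginContext("laptop-1", "198.51.100.0/24", "GB"),
                LoginContext("phone-9", "192.0.2.0/24", "BR")):
        print(ctx, risk_score(ctx, hist), required_factors(ctx, hist))
```

A user with no recorded history scores the maximum and is routed to full MFA, so the policy fails closed for first-time logins.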

At Okta, we’re helping our customers move towards the loginless future of identity one step at a time.

We offer an array of passwordless capabilities to help our customers along their journey towards the adoption of passwordless authentication, helping them deliver delightful digital experiences while eliminating successful identity attacks.

Want to learn more about how Okta is helping companies prepare for a loginless future?
Download our new white paper, Build Trust, Not Barriers: That’s the Loginless Future, to learn more about how we’re making our vision – to transform tomorrow’s customer experience – a reality today.