Passwords were already losing fans before the pandemic. But as the coronavirus shut down offices, banks, stores and government service centers, our lives became more digital and our collective distaste for passwords grew. They caused frustration as we tried to log into VPNs, learned mobile banking apps or interacted with retailers online. All of those remote workspaces and newly activated mobile apps also created target-rich environments for hackers.
The pandemic also created new policies related to disease transmission. The previously innocuous act of touching screens or keyboards now presents serious transmission risks — which has many enterprises scrambling to create mitigation policies.
So, here we are, midway into 2020 and we’re embroiled in much more contentious arguments with passwords than when the year started. The challenge for enterprises: How can we create a touchless authentication experience that improves security, productivity and safety?
It starts with security
Security is the chief concern — one that has been exacerbated by the surge in remote work. Even in the office, Verizon’s Data Breach Investigations Report found that 80% of all data breaches are the result of compromised credentials (per a 2020 Verizon study ). Hackers know people working from home are anxious and distracted, they know how to take advantage. Phishing is often the attack of choice, and it is effective. In an Entrust consumer pulse survey conducted in mid-April, 24% of remote workers admitted to clicking on links in COVID-related emails from unknown senders.
We’re also seeing new lows in password hygiene among remote workers, including reusing the same passwords over and over again or physically writing them down on sticky notes.
As many enterprises discover new economic advantages and employee goodwill in remote work models, these security risks are likely to intensify. In a recent survey of users of our authentication solutions, 82% expect to support sizeable and permanent remote workforces in the next year.
Reducing workstation touches to reduce health risk
Going “touchless” is about reducing the risk of surface transmission.
Consumers are increasingly opting for contactless credit and debit cards, allowing them to “tap and go” without the risk of spreading germs on a point of sale device. In healthcare, for example, some organizations are replacing physical cards with virtual credentials provisioned on workers’ phones to deliver safe and secure access to facilities and critical care systems. In corporate offices, the touchless workplace means reducing dependence on shared devices, often in favor of personal devices.
From passwordless authentication to the touchless experience
Security improvements, productivity gains and user goodwill all combine to form a compelling case for going passwordless. The additional consideration of mitigating disease transmission only strengthens the passwordless argument. In our recent customer survey, 74% cited passwordless authentication as important, with 38% highlighting it as a top IT priority.
The end goal is to do more than simply replacing the passwords with another authenticator. Ideally, enterprises should aspire to touchless workplace experiences that create a safer, more secure and productive workforce.
Many companies will move toward this goal using contextual or adaptive authentication. This is an improvement over single-factor authentication, but doesn’t deliver high-assurance authentication.
Entrust approaches the high assurance passwordless experience using mobile smart credential-based authentication technology. This approach provisions an encrypted digital certificate onto the worker’s smart phone — literally transforming the phone into their trusted digital workplace, unlocked using the phone’s biometrics. Credential-based passwordless authentication is a must for high-assurance workplaces where positive user identification and authentication is critical.
To learn more about realizing your passwordless and touchless workplace, view our on-demand webinar.