More companies are shifting workers to passwordless authentication

The frustration with passwords is universal, and organizations are beginning to take notice. Chief information security officers (CISOs) are particularly concerned about employees leaving passwords visible or resorting to sticky notes on their workstations. Meanwhile, employees dread the hassle of juggling multiple passwords to access a variety of systems. To tackle these challenges, passwordless authentication technology is gaining traction. A recent study conducted by Wakefield Research, sponsored by the security firm Portnox, reveals that a staggering 92% of CISOs surveyed reported that their organizations either have implemented or are planning to implement passwordless authentication systems. This marks a significant increase from 70% just a year prior. CISOs emphasize that the primary advantages of passwordless authentication include enhanced employee productivity and a smoother user experience. This innovative technology allows for user identity verification without traditional passwords, utilizing methods such as hardware tokens, biometrics, or mobile push notifications. The potential benefits are significant, ranging from improved security to a more seamless user experience. For example, Universal Technical Institute has adopted a passwordless platform from Microsoft. Senior VP and CIO Adrienne DeTray shared that the benefits have been noticeable, with reductions in password resets and fewer service desk inquiries, allowing employees to start their day more efficiently. DeTray emphasized the cultural shift this technology represents, stating, "It demonstrates our commitment to making technology feel lighter and more human. The administrative burden of multiple logins has become a significant part of the work experience, and this transition alleviates that pressure." R Systems International is also transitioning to a passwordless environment, with CTO Srikara Rao explaining that this move responds to the evolving threat landscape, as traditional multi-factor authentication struggles to keep pace with modern security challenges. "Credential-based attacks are the most significant threat, with a marked increase in phishing attempts. We must adopt solutions that are resistant to such threats," Rao noted. Moreover, the operational costs associated with password resets can be substantial. Research from Forrester indicates that a single password reset could cost around $70, a figure that quickly adds up in larger organizations. Compliance requirements, such as PCI 4.0, further necessitate seamless reauthentication processes, something passwordless authentication aims to provide. Healthcare provider Diversus Health is also making strides in this area, implementing certificate-based network access control to address high-risk threats identified during a recent HIPAA compliance audit. IT security administrator Neil Ford explained that their deployment of Portnox's certificate-based system allows for transparent verification of devices without burdening staff. A critical factor in successfully adopting passwordless authentication is effectively communicating the change to employees. As Rao points out, organizations must help staff overcome their ingrained habits regarding passwords and alleviate concerns about device loss. This communication should frame the technology as a benefit rather than a mandate, emphasizing reduced frustration and faster access. R Systems has taken proactive steps by hosting interactive training sessions to familiarize employees with new access tools, like fingerprint identification. Rao stressed that comprehensive user education is vital for a successful rollout. Their strategy embraces open standards like FIDO2 and WebAuthn, allowing flexibility in selecting the right tools based on varying risk profiles. As organizations continue to evaluate the impact of passwordless authentication, initial results from R Systems indicate a notable improvement in employee experience, with quicker logins and fewer password-related help desk requests. Ultimately, passwordless authentication is becoming a cornerstone of their zero-trust architecture, reinforcing a robust identity layer that ensures secure access, irrespective of user or device location.