Passwords are getting less and less popular nowadays. Some experts say the era of passwords is over. Aside from the fact that people find it hard to manage and remember their passwords, there is also the problem of security. In the current complex IT environment, passwords are no longer enough to protect our online data.
A recent cybersecurity survey revealed that about 32 percent of cyberattacks in 2019 involved phishing, while 29 percent involved stolen login credentials. This is a clear indication that the future of authentication does not need passwords. Fortunately, experts are quickly rolling out methods of authentication without passwords.
However, there is confusion around what to call this method. Among the frequently-used terms include passwordfree and passwordless. Both terms imply not using passwords and they are sometimes used interchangeably. But if you ask cybersecurity experts, there is a big differ\rence between the two. It is technical differences that set the two similar terms apart. So, what is the difference between passwordfree and passwordless authentication?
Passwordfree authentication
Passwordfree authentication allows user authentication without using a password. However, the password is not completely removed from the authentication process and is still used in some capacity to get access. Most of the time, what is billed as passwordfree authentication is, in reality, password “replay.” Below are some scenarios that demonstrate passwordfree authentication:
- Smartphone Unlock
You might be using biometrics such as fingerprint or face recognition to unlock your mobile device. However, there is a contingency use for passwords. When there is a fingerprint scan error or light is too low to scan your face, you have a choice to unlock your device using your PIN. In other words, the PIN is still part of the authentication process.
- Mobile Banking
Some banking and finance apps offer fingerprint authentication on mobile devices, giving the illusion that a password isn’t involved. However, when you go to the bank’s website to log in, you still need to enter your username and password. Passwords are still involved, and you are still required to make a password when creating an account.
- Single Sign-On or SSO
Single sign-on can be passwordfree or passwordless based on your SSO provider. When you use ‘Sign in with Facebook’ to login to an account, the website asks a third-party website to verify your identity. This gives the appearance of a one-click login without needing to enter a password. But, the third-party account, which becomes your main account, still needs a password to authenticate.
All in all, passwordfree authentication gives users a convenient way to authenticate. However, it does not get rid of the security risks associated with passwords.
Passwordless authentication
Using passwordless authentication, the password is completely removed from the authentication process. The website or app’s login interface lacks a login field. More importantly, users are never prompted to set up a password upon account creation. Another form of authentication, such as biometrics, is used to validate identity.
But how can the websites confirm a person’s identity without a password? Here’s how an example of how passwordless authentication works:
- Instead of logging in with username and password, users are prompted to scan a QR code on the login page.
- The code directs the users to authenticate through the device’s native biometrics system, such as so fingerprint or facial recognition.
- Biometric is submitted and validated against the enrollment template.
- If it matches the biometric encrypted on the login server, a certificate is passed to the system to allow users to authenticate and initiate the session.
Passwordless authentication increases security by eliminating password-related threats, such as phishing and password stealing. However, if you still can’t decide over adopting a passwordless strategy in the office. Below are some benefits of passwordless authentication aside from security:
- Increase Productivity
For businesses, passwordless authentication also helps increase productivity in the office. Manually entering a string of passwords for a dozen of business apps or platform occupies a good 30 minutes of an employee’s time every day. That is if they don’t forget their passwords. This time could have been used for more productive tasks instead.
- Offer Better User Experience
With passwordless authentication, employees also no longer need to create and remember complicated passwords for multiple office platforms to comply with password management policies, greatly improving their login experience.
- Decrease IT Costs
Passwordless authentication removing costs for password reset requests to the IT department, which costs an average of $50 for every request according to a study.