Right next to Egyptian mummies and dinosaur bones, passwords may soon be spotted only in museums as dusty relics of the past. Okay, maybe that’s a slight exaggeration – but our latest survey shows that top IT leaders are putting passwords and two-factor authentication in their rearview mirror.
Why? One reason is that organizations are sick of the ongoing data breaches. They know that traditional authentication methods just aren’t providing enough security when it comes to accurately discerning between authorized users and criminals. With the abuse of stolen credentials increasing all the time, user authentication is requiring advanced technology – and traditional passwords or two-factor authentication involving hard tokens and SMS codes aren’t always up to the task.
That’s probably why our survey says 83% of IT decision makers predict their organizations will be passwordless within 5 years. The survey also finds that:
- Southern organizations are more likely to transcend passwords than their Northern counterparts. The exact numbers: 86% vs. 60%.
- Looking ahead to that five year vision, only 17% of leaders still intend to use passwords as the sole means of authentication.
- In generational trends, almost half - 49% - of millennial IT leaders think their organization will do away with passwords; yet only 32% of leaders between ages 35-54 feel the same way.
- American counterparts are further behind the curve than UK leaders, with only 69% predicting they will phase out passwords in this time frame.
A Future Without Passwords
So where do these leaders think IT security is going after it leaves passwords behind?
49% say physical biometrics such as fingerprints, facial or iris scans will be their method of choice in 5 years, and 30% think they’ll rely on device recognition and two-factor authentication without passwords. 29% are looking at geo-fencing, geo-location and geo-velocity capabilities. All in all, 83% are preparing for a life without passwords within the next five years.
You might be wondering why these IT visionaries haven’t already jumped ahead to their future authentication methods. Well, we asked them about that too. We think you’ll understand their reasons, because they’re familiar challenges to most teams:
- 46% said budget constraints were holding them back
- 27% said disruption to users’ daily routines was a fear
- 24% said a steep employee learning curve was stopping them
These are all good reminders of why “better security” isn’t as simple as it sounds. Introduce a complex new tool and some of your staff just won’t use it. An implementation can throw daily operations into disarray. And sometimes you find what you consider the perfect solution – but the top leadership rejects it over budget concerns.
So how does two-factor authentication fit in?
If you’ve been tracking the popularity of 2FA, you know it’s become more widespread in recent years. You may also know that General Data Protection Regulations will click into place in 2018, requiring UK organizations to have some form of 2FA or face potential fines. But IT leaders don’t always agree on how effective traditional 2FA is. Some think it offers a baseline of safe authentication, but others think the clumsy user experience that often accompanies it is a detriment.
Then there’s our view at SecureAuth – that you can pair stronger authentication security with a great user experience through the magic of adaptive authentication. We know it’s possible because we do it every day. Just ask our customers. Through sophisticated risk analysis techniques like biometrics or geographic-based capabilities, we strengthen identity authentication, prevent attacks and address active risks – all without impacting the user experience.
That’s important when you recall those 27% of IT leaders who worried about disturbing their customers’ and employees’ daily routines and workflows. It’s a valid fear; employees may skip extra security steps, putting the company assets at risk, while customers may simply abandon a sale and go to a competitor. With those fears paralyzing IT teams and scaring them off from using new authentication tools and strategies, the need for a user-friendly solution is clear.
And it doesn’t get any friendlier than adaptive authentication and passwordless technologies. Users don’t want to take extra steps? No problem. The history of IT – and sadly, the history of IT breaches – shows that trying to force users to adopt burdensome steps is never the right move. The smarter approach is one that reduces friction while strengthening security.
That’s why at SecureAuth, we’re helping IT leaders discover the authentication tools that are invisible to users, relentless on criminals, and easy for teams to use. We know the future isn’t just passwordless – it’s a place that will require innovative technologies to keep organizations safe, strong and efficient. Learn more about passwordless now.
Request a demo and see how SecureAuth prevents the misuse of stolen credentials