Most IT Professionals Favor Alternatives to User Passwords
Improving data and system security and simplifying employee access from home are among the pluses for moving to "passwordless" authentication. Overcoming users' resistance to change and the cost of new technology remain obstacles.
- By Richard Seeley
- October 14, 2020
The best data application in the world is useless to users who forget their passwords or run into other glitches when they try to log in remotely from home. Valuable time may be lost contacting a busy help desk to get the issue resolved.
With so many employees working from home in the COVID-19 era, it's not surprising that a new survey found "weekly time spent managing users' passwords has increased 25 percent since 2019." The survey, commissioned by Boston-based LogMeIn Inc., found 85 percent of IT and security professionals want to reduce the number of passwords their employees use in their daily work.
The survey, "From Passwords to Passwordless," was released by LogMeIn to coincide with October's Cybersecurity Awareness Month, originally launched by the National Cyber Security Alliance and the U.S. Department of Homeland Security in October 2004 to call attention to issues such as weak and easily hacked passwords.
Asked about what survey results they expected, Gerald Beuchelt, chief information security officer (CISO) at LogMeIn told Upside that "something we have been expecting for some time is an increased understanding of the benefits passwordless authentication brings to organizations. It was pleasantly surprising to see that most respondents (92 percent) believe that a passwordless experience is the future for their organizations."
He noted that believing in an alternative to traditional passwords does not mean the path to implementing new authentication is clear. "The vast majority of IT and security professionals agree that their organizations should reduce the number of passwords used daily. However, [there's a disconnect] between what they think and what is actually happening. Many continue to rely on passwords to keep their resources safe."
From the survey results it appears that despite its benefits, a password-free world is not imminent. Reflecting on the survey data, Beuchelt said: "We also saw a consensus that passwords won't go away any time soon, but we are witnessing a change in the industry as IT and security leaders start to consider and implement identity and access management alternatives that complement regular passwords. Although, leaders see costs, regulations, and time as the top challenges for passwordless deployment, we believe we will see increased investment in technologies that help streamline and simplify the login experience."
Steps to Passwordless Authentication
Asked by Upside what steps organizations can take to begin the transition to computing environments less dependent on passwords, the LogMeIn CISO said, "Organizations looking to implement a passwordless approach need to start by considering their own needs, how secure their environments are, the number of applications in use, and even the controls they already have in place."
Beuchelt said companies could look at products such as LastPass, LogMeIn's identity and access management product, or "a mix of solutions." He offered examples of steps organizations can take to move away from password dependence including:
- Use password managers to save and fill in passwords, making it easy to launch sites to log in; these solutions minimize time spent remembering or updating credentials
- Adopt biometric authentication, which enables employees to securely authenticate and bypass typing in a password by using facial recognition or fingerprints
- Implement single sign-on (SSO), which requires only one set of credentials to access systems and applications, eliminating the need for employees to use multiple passwords
- Use federated identity that integrates with an existing IT ecosystem and user directory login details, requiring users to only use one password to unlock their work
Obstacles to Adoption
Despite the security gains IT professionals see in upgrading user authentication, the LogMeIn survey did find obstacles to passwordless adoption including end-user resistance to change. Almost three-quarters of IT and security professionals (72 percent) said end users in their organization would prefer to continue using passwords because that is what they are used to. Other challenges cited included cost (43 percent), regulations covering data and data storage (41 percent), and the time required to migrate to the new technology and methodology (40 percent).
Offsetting these challenges are the benefits respondents see, including making logging in easier and more secure for employees working from home in the pandemic era. More than half (53 percent) agreed passwordless authentication offers the potential to provide convenient access from anywhere. Other benefits include enhanced security (69 percent) and eliminating password-related risk (58 percent). Reducing IT workloads for tasks such as help desk calls were seen as positives with more than half (54 percent) of respondents, citing time saving closely followed by cost savings (48 percent).
The LogMeIn survey was conducted by Vanson Bourne, an independent technology market research specialist that interviewed 750 IT and security professionals ranging from CIOs and CISOs to IT managers and analysts in April and May 2020. The respondents were from a variety of private and public sectors across the U.S., U.K., France, Germany, Australia, and Singapore. Respondents were from organizations with between 250 and 3,000 employees.
The full report is available at no cost from https://www.lastpass.com/solutions/passwordless-access/from-passwords-to-passwordless. A short registration form must be completed for access.
Rich Seeley is an editor at TDWI.