March 11, 2024

Should enterprises get rid of password authentication?

Did you know that weak or stolen passwords are the cause of approximately 81% of data breaches? As new malware is released that retains victims’ information even after their passwords have been reset, it raises the question: should companies move away from password authentication to more secure methods?

Some cyber security experts believe that passwords should be eradicated and replaced by multi-factor authentication (MFA), biometrics and other systems. Currently, most enterprises and financial institutions require employees and customers to authenticate themselves through passwords.

Despite repeated suggestions by companies, employees and customers still use simple passwords that are easy to hack. Birthdays, sequential numbers and pets’ names are among the most common passwords used. It’s recommended that passwords contain a mix of upper and lower-case letters, numbers and symbols.

However, even with complicated passwords, new malware can decode them by guessing millions of combinations until one works. It can take as little as eight minutes to correctly work out a fairly secure password.

Is a passkey better than a password?

Some enterprises have started using passkeys as a preferred authentication method. This system was developed by the Fast Identity Online (FIDO) Alliance and is a credential saved on your device, usually a computer or phone, that allows you to access internet accounts without typing a login or password.

The technology is based on public key cryptography and is meant to improve sign-in security. Passkey technology could help banks better protect clients, or enterprises improve the authentication of employees, who are vulnerable to phishing scams.

A passkey works through authentication apps, like Microsoft Authenticator. It sends a six-digit code to your device that is only valid for a short period of time. When you need to log on to your bank account or employee portal, you will have to open your authentication app and see the number displayed on the screen.

This number is then typed into the login screen. This method ensures that the right person has access to the online system without having to remember a password, which hardly ever changes and is susceptible to hackers. As the passkey changes every couple of minutes, it means hackers have to have the victim’s device on hand to access the system.

While passkeys are better than passwords, they are not foolproof. Enterprises and banks still need to perform background security system checks and implement several other cyber security measures to improve authentication.

Biometric authentication is more successful

Biometric authentication uses specific physiological or behavioural characteristics to validate a user's identity. This approach provides various benefits, including uniqueness, ease of use, and resistance to theft or reproduction. The most common biometric authentication method is fingerprint recognition. Smartphones and laptops can scan fingerprints, which is a highly secure method as no two fingerprints are the same.

Similarly, banks and secure portals have been using facial recognition for several years now. This technology uses facial characteristics such as shape, distance between facial features and unique markers to give a contactless and accurate authentication technique. However, some cheaper systems can be fooled by photographs of faces.

The last biometric authentication technique is iris scanning. By analysing the detailed patterns in a person's iris, it provides highly secure verification that is difficult to imitate. Like fingerprints, irises are unique to each individual. However, this technology is not available on smartphones and endpoint devices; it requires specialised equipment.

Multi-factor authentication (MFA)

MFA provides an additional degree of protection by requiring users to supply more than just their password. This strategy considerably lowers the possibility of unauthorised access. It often uses SMS-based verification codes.

Users are sent a one-time verification code via text message to their registered phone number, which they must enter alongside their password to gain access. While convenient, this method assumes the user's phone is secure.

Like passkeys, authenticator apps are also needed for MFA. These apps generate a time-based or event-based verification code, which must be entered alongside the password during authentication, adding an extra degree of security.

Another MFA method is hardware tokens - physical devices that create secure codes used for authentication. Hardware tokens offer an offline authentication method that is extremely resistant to hacker attempts. Many banks give their customers these small devices that generate codes when they try to log into their accounts.

Other authentication methods

There are several other authentication methods that eliminate the need for traditional passwords altogether, offering a more streamlined and secure user experience. Here are a few examples of password-less methods:

  1. Email magic links - Instead of entering a password, users receive an email containing a unique link. Clicking on this link verifies their identity and grants them access to the desired account or service. This method reduces password-related vulnerabilities and simplifies the login process.
  2. QR codes - Users scan a QR code displayed on their device using their smartphone camera to authenticate and gain access. This method is especially useful for secure mobile login scenarios.
  3. Push notifications - With this method, users receive a push notification on their registered mobile device, prompting them to authorise access. Confirming the notification provides authentication without the need for passwords.
  4. Adaptive authentication - This method leverages contextual factors such as location, device, and behaviour analysis to assess the risk level of login attempts. It dynamically adjusts authentication requirements based on the perceived risk level, offering real-time protection.

In an era where passwords alone are insufficient for cyber security, investigating other authentication methods is critical for enterprises. There are many other methods that are more secure and harder to hack than traditional passwords, so financial institutions and large companies should be implementing these systems, if they haven’t already done so.

These other methods provide increased security, convenience and a better user experience. Adopting these advanced authentication methods will allow employees, customers and enterprises to successfully protect their digital identities. For more information about our cyber security services or to get a quote, email us at or leave us a message.

SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.
