LastPass and the FIDO Alliance have published the 2023 Workforce Authentication Report. It shows that 92% of organisations already planning to move to passwordless technology. Meanwhile, 95% are already experiencing some form of passwordless solution at the moment.

Andrew Shikiar, Executive Director and CMO, FIDO Alliance (Image Credit: LinkedIn)
Andrew Shikiar, Executive Director and CMO, FIDO Alliance

Andrew Shikiar, Executive Director and CMO of the FIDO Alliance, said, “The move towards passwordless authentication has gained steam over the past few years as an increasing number of organizations have moved to eliminate the risk and liability of passwords as they are the source of the vast majority of data breaches.

“Today’s report backs up this trend by illustrating that global IT leaders are rapidly aiming to reduce their reliance on legacy forms of authentication in favor of passkeys for user-friendly, phishing-resistant sign-ins.”

Passwords still dominate, but will people change?

Unsurprisingly, the responses to the report show that passwords still dominate (76%). This is true, even when they are mixed with other technologies, such as MFA (43%). One of the reasons passwords still dominate is that they are the default technology. Changing them is not simple.

Moving away from passwords requires a change in how users are authenticated. This is not just down to the main login systems but also how applications authenticate users. Organisations have had almost two decades since the conversation about MFA, yet only 43% of respondents use it. How much they use it and what they use it for is unclear as there is no qualitative component to the report.

Passkeys are one solution to the password problem. 92% of respondents expect them to improve their overall security posture. 93% say it will eventually reduce the use of shadow IT. That latter is speculative, and there is little evidence for it at all.

More work needed to drive passkey adoption

Of interest, 55% of IT leaders accept that they need more education on passwordless technologies and how they work. They also want to know how to deploy them. 31% want to know how they integrate them into existing infrastructure.

But will that be enough? Education and tools were available early on when MFA became an option. However, the take-up is still less than 50%. What will accelerate the adoption of passwordless technologies? According to the report, there are a number of reasons by 89% believe that passwords will be down to just 25% of logins within the next five years.

  • 18% Security concerns with existing authentication solutions (e.g., traditional MFA)
  • 17% Increasing employee productivity
  • 17% Securing the hybrid work environment
  • 14% Preventing breaches / remote attacks
  • 9% Standards compliance
  • 8% Workstation login
  • 8% Existing solution not user friendly
  • 6% Other successful companies / peers have also deployed

Of all of these, the one that is most likely to be a driver is standards compliance, especially for large regulated organisations. Those same organisations are likely to push back on their suppliers and customers to adopt passwordless technologies if they want greater integration into their systems.

However, given how intractable this issue has been, five years seems a very short space of time to finally solve it for the vast majority of organisations.

Enterprise Times: What does this mean?

Solving the problem of passwords is not going to be easy. The long tail of corporate applications that will need some form of adjustment is a challenge not to be overlooked. It is one of the reasons that organisations have been slow to adopt other, more secure, means of authentication.

Education and ease of deploying the technologies will also be a challenge. The more coding required to integrate the new solutions, the slower adoption will be.

However, there are some bright spots. Passkeys are becoming commonplace on mobile devices. If it becomes a default technology in all operating systems, then there is a good chance that adoption will be high.

It will be interesting to track this report over the next few years and see how realistic some of the timescales are.

LEAVE A REPLY

Please enter your comment!
Please enter your name here