“By 2020, the number of passwords used by humans and machines worldwide is estimated to grow to 300 billion,” Cyber Security Media predicted. Passwords are still a problem, and the pain has been going on for generations. People have so many applications and accounts on the internet that we cannot even count them all, and we need to handle a great many logins nowadays.
Because password security is vitally important, enterprises require employees to change passwords regularly and even invest heavily in password management, yet it is clear that many companies still struggle to manage passwords properly and prevent password-related attacks. Most people struggle to remember all their passwords: in a single month of 2017, Microsoft had to reset 868,000 passwords and spent 12 million on resetting users’ passwords. According to the 2017 Data Breach Investigations Report (DBIR), 81% of data breaches are caused by compromised, weak and reused passwords. Not much has changed in 2020: over 80% of hacking-related breaches are still tied to passwords.
Passwords are outmoded security mechanisms that have existed since the 1960s. Over these 40 years, the pursuit of security has brought increasingly complex password authentication methods, whose complexity and frequent resets have gradually frustrated users and management. Yet as technology advances, there is a strong incentive to combine the simplest verification with security, or even to get rid of passwords.
According to a report from password management firm LastPass, the average business employee must keep track of 191 passwords, so there need to be intermediate steps that help businesses and enterprises prepare for passwordless authentication. It is hard to eliminate passwords all at once, but we can start by reducing how much we rely on them.
If we are going to get rid of passwords, we need to make sure we have mechanisms in place to validate trust in users. Passwordless does not mean there is no authentication; it means strong, secure authentication that reduces friction.
What is Multi-Factor Authentication (MFA)?
The difference between two-factor authentication (2FA) and MFA is that 2FA adds to the knowledge factor either a possession factor or an inherence factor as a second check to verify identity, whereas MFA may use three or more checks.
“A password is something you know. A device is something you have. Biometrics is something you are,” says Stephen Cox, chief security architect of SecureAuth. There are various authentication factors; the most common are the following:
A knowledge factor: something you know, such as passwords, PIN codes, etc.
A possession factor: something you have, such as ID cards, a security token, the devices you own, or the app on your mobile phone.
An inherence factor: something you are, also called a biometric factor. It is an innate physical trait of the user, including fingerprints and facial or voice recognition.
Most people currently use smart devices with biometrics, which can serve as a check to verify identity as part of MFA. Biometric verification usually involves less hassle than OTP verification, so users can use it easily and securely. Implementing strong MFA lets users reduce their reliance on passwords, so passwords do not need to be changed so often and require less frequent resets.
MFA and Biometric Authentication
With powerful MFA, people may gradually eliminate the risk of using passwords as the sole means of authentication and get rid of credential theft by combining additional methods of identity verification, especially biometric authentication, which cannot easily be stolen and copied remotely. There will be more choices for verification in the future, and we believe that these alternative methods can lead us to carefully abandon our passwords while balancing the strength of IT security with ease of use.
Today, AuthenTrend is trusted by the Microsoft Intelligent Security Association, FIDO and RSA, and develops not only a variety of fingerprint security keys but also the first fingerprint crypto hardware wallet in Taiwan. Our flagship product, ATKey.Pro, is the slimmest, most compact security key with the best fingerprint experience. It supports FIDO2 and U2F, enabling users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. Unlike traditional fingerprint devices, our patented standalone enrollment technology lets users enroll fingerprints directly on the cards or USB keys, with no app download required.
Our fingerprint-enabled, card-type blockchain cold wallet, AT.Wallet, just passed the IP68 waterproof test and won a prize as a CES 2020 Innovation Award Honoree.
AuthenTrend is leading the way in authentication with biometric technology. Our mission is to replace passwords with fingerprints for higher security and convenience.