4 reasons why passwords are becoming a thing of the past

There are now easier and more secure ways to authenticate users online Image: Wikimedia Commons

Alois Zwinggi
Managing Director, World Economic Forum
Adrien Ogée
Project Lead, Cyber Resilience, World Economic Forum Geneva

This article is part of: World Economic Forum Annual Meeting
  • Password authentication has become a factor in poor customer retention.
  • Weak password management is a gift to cybercriminals.
  • Password-free authentication methods can improve customer experience, save money and improve cybersecurity.

The platform economy is changing how companies interact with customers. Enterprises need to connect with their customers efficiently to successfully and rapidly match the latter's wants and needs with services and products. Being able to authenticate users to enable efficient and effective interaction with organizations is vital to business strategies of the future.

Password-based consumer authentication was initially designed for employees, not customers or clients. User experience was not a concern. Today, in the age of fingerprint readers and facial recognition, people expect a seamless customer experience, and passwords are becoming a key factor in poor customer retention rates. Furthermore, from setup to reset and decommission, password management is costing companies millions of dollars per year.

In terms of cybersecurity, weak password management is central to the entire criminal ecosystem. Passwords are difficult to secure and most cyber breaches stem from weak or stolen passwords. A breach of a single platform can impact millions of individuals and interconnected enterprises. Credential stuffing attacks, where criminals use stolen credentials leaked and shared online, represent nine in 10 login attempts on major retail sites.

Digital trust is a precondition for unlocking the promise of the platform economy. The World Economic Forum Centre for Cybersecurity is actively working to improve authentication, a pillar of cybersecurity, to ensure a secure digital future for everyone. In collaboration with the FIDO Alliance, the World Economic Forum has launched a white paper on Passwordless Authentication: The next breakthrough in secure digital transformation, which proposes six core principles for transition to a password-free future. Here’s why:

Better user experience

Authentication is the entry point to an online service. Passwordless authentication replicates how people in the real world recognize one another by using techniques such as biometrics, based on inherent physical attributes or who we are. It is customer-centric and eliminates issues such as the common struggle of typing complex passwords on a foreign keyboard. In the near future, users will be able to authenticate onto any platform via the devices they carry with them everywhere. Ultimately, an enhanced user-centric experience also results in stronger security, as users are much less likely to try circumventing cumbersome processes.

Password authentication can contribute to poor user experience Image: Salesforce

Robust security

Login credentials to bank or social media accounts are on sale on the dark web for as little as $7. This is not just an issue for the individual user whose identity has been compromised – the unchecked rise of digital criminal activity is driving global cybercrime to unprecedented levels, and is undermining trust in government institutions. The digital economy is also enabling new waves of serious organized crime.

Passwordless authentication eliminates a long list of attack vectors, from credential stuffing to phishing attacks. When companies transition to new authentication solutions, they reduce their exposure to data breaches. Passwordless solutions require no personal information to be stored or transmitted over the internet; the risk of online fraud and identity theft is therefore greatly reduced. Furthermore, most passwordless authentication leverages two distinct authentication factors, providing more robust security guarantees than a single password.

Improved interoperability

The interoperability of authentication solutions unlocks value. Interoperability allows new users to access certain services, existing users to transact more broadly and digital services to offer their users new ways to transact. Applying a standards-based approach means that the implementation work is largely completed, and service providers can get started faster on their path to passwordless authentication. It greatly reduces development time and unlocks access to new markets that are adopting certified solutions. It allows for international compatibility and expansion.

Regulations such as GDPR impact businesses serving European users, regardless of where the business is registered. Passwordless authentication facilitates compliance with such international regulations, which is key to expanding digital businesses across geographies.

Reduced costs

Enterprises often struggle to balance security with business realities. Not only does passwordless authentication improve security, the user experience and interoperability, it reduces business costs and improves revenues by boosting productivity and brand perception.

According to a recent survey, employees spend more than 10 hours each year managing their passwords. This represents over $5 million a year for a company of 15,000 employees. With standards such as those developed by the FIDO Alliance, password administration is significantly simplified and, most notably, the costs associated with call centres are cut. Two and a half months is the average time that company IT staff spend resetting internal passwords, at an estimated cost of up to $70 per password reset. One study found that businesses spend $1 million annually in helpdesk costs alone to deal with password resets.

Looking at global cyber-risks, 4 in 5 breaches involve weak or stolen passwords, and the average cost of every breach is $3.92 million (see figure below). When there are no passwords for criminals to steal, the possibility of illegitimate access to a company’s networks is significantly reduced, which translates into lower insurance premiums.

Around 80% of data breaches involve stolen passwords Image: IBM Security

What's next?

The World Economic Forum Platform for Cybersecurity and Digital Trust actively supports the transition to a world without passwords with a call for organizations to pledge their support. Organizations from the public and private sectors along with civil society are invited to join this dynamic community of purpose; please visit our site to engage or for further details.

The parameters of authentication are much broader than passwords alone. Accurate and reliable authentication is the essential foundation of digital trust. It is an enabler of cybersecurity in the digital economy and of the Fourth Industrial Revolution. In other words, passwordless authentication is an enabler of the future.

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.
