- Password authentication has become a factor in poor customer retention.
- Weak password management is a gift to cybercriminals.
- Password-free authentication methods can improve customer experience, save money and improve cybersecurity.
The platform economy is changing how companies interact with customers. Enterprises need to connect with their customers efficiently to successfully and rapidly match the latter's wants and needs with services and products. Being able to authenticate users to enable efficient and effective interaction with organizations is vital to business strategies of the future.
Password-based consumer authentication was initially designed for employees, not customers or clients. User experience was not a concern. Today, in the age of fingerprint readers and facial recognition, people expect a seamless customer experience, and passwords are becoming a key factor in poor customer retention rates. Furthermore, from setup to reset and decommission, password management is costing companies millions of dollars per year.
In terms of cybersecurity, weak password management is central to the entire criminal ecosystem. Passwords are difficult to secure and most cyber breaches stem from weak or stolen passwords. A breach of a single platform can impact millions of individuals and interconnected enterprises. Credential stuffing attacks, where criminals use stolen credentials leaked and shared online, represent nine in 10 login attempts on major retail sites.
Digital trust is a precondition for unlocking the promise of the platform economy. The World Economic Forum Centre for Cybersecurity is actively working to improve authentication, a pillar of cybersecurity, to ensure a secure digital future for everyone. In collaboration with the FIDO Alliance, the World Economic Forum has launched a white paper on Passwordless Authentication: The next breakthrough in secure digital transformation, which proposes six core principles for transition to a password-free future. Here’s why:
Better user experience
Authentication is the entry point to an online service. Passwordless authentication replicates how people in the real world recognize one another by using techniques such as biometrics, based on inherent physical attributes or who we are. It is customer-centric and eliminates issues such as the common struggle of typing complex passwords on a foreign keyboard. In the near future, users will be able to authenticate to any platform via the devices they carry with them everywhere. Ultimately, an enhanced user-centric experience also results in stronger security, as users are much less likely to try circumventing cumbersome processes.
Login credentials to bank or social media accounts are on sale on the dark web for as little as $7. This is not just an issue for the individual user whose identity has been compromised – the unchecked rise of digital criminal activity is driving global cybercrime to unprecedented levels, and is undermining trust in government institutions. The digital economy is also enabling new waves of serious organized crime.
Passwordless authentication eliminates a long list of attack vectors, from credential stuffing to phishing attacks. When companies transition to new authentication solutions, they reduce their exposure to data breaches. Passwordless solutions require no personal information to be stored or transmitted over the internet; the risk of online fraud and identity theft is therefore greatly reduced. Furthermore, most passwordless authentication leverages two distinct authentication factors, providing more robust security guarantees than a single password.
The interoperability of authentication solutions unlocks value. Interoperability allows new users to access certain services, existing users to transact more broadly and digital services to offer their users new ways to transact. Applying a standards-based approach means that the implementation work is largely completed, and service providers can get started faster on their path to passwordless authentication. It greatly reduces development time and unlocks access to new markets that are adopting certified solutions. It allows for international compatibility and expansion.
Regulations such as GDPR impact businesses serving European users, regardless of where the business is registered. Passwordless authentication facilitates compliance with such international regulations, which is key to expanding digital businesses across geographies.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors; developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.
Platform activities focus on three main challenges:
- Strengthening Global Cooperation for Digital Trust and Security: to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.
- Securing Future Digital Networks and Technology: to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.
- Building Skills and Capabilities for the Digital Future: to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.
The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.
Enterprises often struggle to balance security with business realities. Not only does passwordless authentication improve security, the user experience and interoperability, it reduces business costs and improves revenues by boosting productivity and brand perception.
According to a recent survey, employees spend more than 10 hours each year managing their passwords. This represents over $5 million a year for a company of 15,000 employees. With standards such as those developed by the FIDO Alliance, password administration is significantly simplified and, most notably, the costs associated with call centres are cut. Two and a half months is the average time that company IT staff spend resetting internal passwords, at an estimated cost of up to $70 per password reset. One study found that businesses spend $1 million annually in helpdesk costs alone to deal with password resets.
Looking at global cyber-risks, 4 in 5 breaches involve weak or stolen passwords, and the average cost of every breach is $3.92 million (see figure below). When there are no passwords for criminals to steal, the possibility of illegitimate access to a company’s networks is significantly reduced, which translates into lower insurance premiums.
The World Economic Forum Platform for Cybersecurity and Digital Trust actively supports the transition to a world without passwords with a call for organizations to pledge their support. Organizations from the public and private sectors along with civil society are invited to join this dynamic community of purpose; please visit our site to engage or for further details.
The parameters of authentication are much broader than passwords alone. Accurate and reliable authentication is the essential foundation of digital trust. It is an enabler of cybersecurity in the digital economy and of the Fourth Industrial Revolution. In other words, passwordless authentication is an enabler of the future.