CMOtech UK - Technology news for CMOs & marketing decision-makers

How A Passwordless Future Can Become A Reality

Yesterday

For decades, passwords have been the cornerstone of online security. However, their vulnerabilities are rendering them increasingly obsolete.
 
As data breaches surge and the demand for secure, seamless logins grows, organisations are pivoting towards more robust alternatives: multi-factor authentication (MFA) and passwordless authentication.
 
While both approaches aim to bolster security, they offer distinct advantages and challenges, prompting businesses to carefully weigh their options.
 
The decline of passwords

The inherent weakness of passwords stems largely from poor user practices: reusing credentials, employing overly simple passwords, and neglecting updates. These habits leave systems susceptible to credential stuffing, brute-force attacks, and phishing.
 
Indeed, a survey conducted by Ping Identity last year found that 62% of Australian organisations are very concerned about protecting against phishing attacks while 56% are very concerned about credential compromise and social engineering.

Today, the reliance on passwords burdens IT departments with frequent reset requests and troubleshooting, diverting resources from more strategic tasks.
 
Password fatigue among users exacerbates the problem, as individuals struggle to manage an ever-growing list of login credentials. This inefficiency highlights the need for more secure and user-friendly methods of authentication.
 
Understanding passwordless authentication

Passwordless authentication eliminates traditional passwords, leveraging advanced technologies like biometrics, device-based authentication, and one-time codes. By removing the password altogether, this approach offers enhanced security, improved user experience, and reduced IT overheads.
 
By replacing passwords with biometrics such as fingerprints or facial recognition, or device-based mechanisms like hardware tokens, passwordless authentication directly addresses the vulnerabilities of traditional login systems.
 
Additionally, methods like passkeys offer seamless, secure alternatives that are gaining traction across industries.

Examining Multi-Factor Authentication (MFA)

MFA, meanwhile, fortifies security by requiring multiple verification factors. These include something you know (a password or PIN), something you have (a smartphone or security token) and something you are (biometric identifiers like fingerprints).
 
This layered approach makes unauthorised access significantly harder, even if one factor is compromised. MFA has become an industry standard for safeguarding sensitive data, with compliance regulations like GDPR and PCI-DSS frequently mandating its use.
 
MFA's strength lies in its adaptability. Organisations can tailor the factors used based on risk levels or specific user roles, ensuring a balance between security and usability. For instance, high-risk transactions might require biometric verification and a token, while routine logins might only need a two-factor setup.
 
This flexibility allows businesses to fine-tune their security protocols without overburdening users.
 
Contrasting user experiences

Passwordless systems excel in simplicity, often involving a single step such as a biometric scan. This streamlined process reduces friction and accelerates logins, making it an attractive option for users seeking convenience.
 
In contrast, MFA can feel cumbersome, requiring users to complete multiple steps, such as entering a password and verifying through a secondary device. While both enhance security, passwordless solutions increasingly stand out for their seamless usability.
 
However, the user experience isn't solely about convenience. It also influences adoption rates. Employees or customers frustrated by complex authentication processes are less likely to comply with security protocols, increasing the risk of breaches.
 
By prioritising ease of use, passwordless systems not only enhance security but also promote better adherence to authentication practices.
 
As cyber threats evolve, adaptability is crucial. MFA's modular nature allows organisations to integrate new layers of protection. Meanwhile, passwordless systems leverage modern technologies like FIDO2 standards and advanced biometrics, positioning them as highly resilient to emerging threats.
 
Cost and implementation considerations

Deploying MFA or passwordless systems involves unique financial and logistical factors. The initial setup cost of MFA can be moderate to high, particularly with hardware tokens or SMS-based methods. Ongoing maintenance, user training, and support for lost devices contribute to long-term expenses.
 
Passwordless systems based on biometrics or devices entail higher upfront investment, but they reduce long-term support costs by minimising password-related issues. They also generally scale more efficiently, especially for growing organisations.

Implementing either system requires careful planning. For MFA, integrating multiple factors into existing infrastructure can be complex, particularly for organisations with legacy systems. Passwordless solutions, though simpler in some respects, demand modern devices and may face challenges in environments with high device turnover or less tech-savvy users.
 
Both methods are designed to evolve alongside cybersecurity challenges. MFA's flexibility enables organisations to replace outdated factors with more secure alternatives, such as app-based authentication in place of SMS.
 
Passwordless solutions, tied closely to advancements in biometrics and device security, are particularly effective against phishing and credential stuffing, making them well-suited to counter contemporary threats.
 
Finding the right fit

As businesses strive to secure digital interactions, both MFA and passwordless authentication play vital roles. MFA's multi-layered approach provides robust, adaptable security, while passwordless authentication offers a forward-thinking solution that aligns with user expectations for convenience and efficiency.
 
Organisations must assess their specific needs, regulatory requirements, and user profiles to determine the optimal path forward. The decision between MFA and passwordless authentication isn't about choosing one over the other but finding the right combination to address unique challenges.
 
In an era where digital security is paramount, the right authentication strategy can be a game-changer for protecting assets and fostering trust.
 
