This article has been indexed from The Duo Blog
The Promise of Passwordless
If you’ve been following the evolution of passwordless, you’ve likely read countless blog posts and whitepapers pondering the promise of this technology. The pitch is relatively simple: passwords are insecure and inconvenient, so let’s get rid of them. We shouldn’t necessarily trivialize this promise. Passwords are insecure. They provide a time-tested avenue for bad actors to compromise and gain unauthorized access. As the Verizon Data Breach perennially points out, compromised credentials play a role in the majority of breaches. Passwords are also inconvenient. Password length, complexity, and rotation requirements have only gotten more stringent in the past ten years – leading to headaches for end users and help desks alike.
Before continuing on, it should be noted that all passwordless is not the same. “Getting rid of the password” could be as simple as removing the password field and asking for username only — which is obviously highly insecure. While secure passwordless technology removes the password, it does so by replacing it with stronger factors like device identity or biometrics. If you’re interested in learning more about the technical ins and outs of passwordless, Duo’s own Jeremy Erickson has written an extensive Administrator’s Guide to Passwordless — a great resource for those looking to dive into passwordless in all its glory.
IT Administrators and End Users Are Intrigued by Passwordless
However, let’s return to the problem at hand. Just because industry thought leaders and security vendors agree on a premise (like the value of passwordless), that doesn’t mean IT decision makers or workforce end users feel ready or willing to transition to a new technology. To get to the bottom of this, Duo conducted a global survey of both IT professionals and end users to gauge their attitudes when it comes to passwords and a potential transition to passwordless. The survey covered ten countries worldwide and had thousands of respondents. The findings were quite interesting.
Want Passwordless to Succeed? Make It Easy