Passwordless authentication: pros and cons

18 March 2020

What will replace the password? And what are the benefits and pitfalls of doing so?

Passwords are the last line of defence of many applications. Hated by users (who already have too many to remember) and systems administrators (who have to resolve login problems), almost no one would be sorry to see passwords disappear. 

One estimate suggests that the average person already has 150 password-protected accounts. By 2022 that’s expected to reach 300. Little surprise that people duplicate passwords – or forget them entirely.  Recent developments – fingerprint scans, facial recognition, hardware tokens, auto-generated one-time passwords (OTP) – now offer an alternative to traditional passwords. So, what are the potential benefits – and dangers – of passwordless authentication?

Pro – Improved user experience

Going passwordless immediately relieves pressure on your users – they don’t have to remember another complex string of letters, numbers and special characters. The easier you can make the authentication process, the less problems your users will encounter – and the better their overall experience.  This is particularly important for customer-facing applications. A poor logon experience will discourage users and limit your income potential.

Pro – Increased security

Humans almost always choose the easiest option – which is why password duplication is so common. If a duplicated password is obtained by hackers they are able to access many other accounts elsewhere – including your services.  Replacing password authentication immediately eliminates the possibility of duplication – and exponentially increases the security of your systems.

Pro – Reduced administration overheads

Forgotten passwords are a major overhead (and annoyance!) for your helpdesk. In some cases you can create automated password reset systems, but for high security applications this may be insufficient.  Using biometric or token-based authentication means (almost) never having to reset a password for one of your forgetful employees – and helps to reduce your support costs in the process.

Con – Potentially increased costs

Although passwordless authentication offers cost savings over the long run, you may incur temporarily increased costs during deployment. If you opt for a hardware token-based system for instance, you will need to make an initial capital investment too.  There may also be development costs to consider, particularly if deploying a smartphone-based authentication app or similar.

Con – Harder to troubleshoot

Resetting passwords is a pain, but it’s also relatively straightforward. Many of the issues users encounter when using passwordless authentication is down to unfamiliarity – they are not quite sure what to do, or what to expect.  Troubleshooting is even more complicated (and costly) if a user loses their hardware token. Your support team will be expected to provide a workaround until a replacement can be supplied to the user/customer.

Conclusion: the future is passwordless

After decades of service, the password is about to become redundant.   Passwordless authentication makes life easier for users and customers – which is extremely valuable as user experience becomes one of the major differentiators between brands.  As we’ve shown, there are some potential pitfalls, but they can be overcome – and the benefits are significant. You don’t have to navigate these challenges alone either – Condatis are experts in identity and access management and we can support your company in going passwordless.  Contact us today to learn more about your passwordless future and how we can help.

Passwordless is the future of digital identity.

Speak to one of our experts to find out more.