14. September 2021

Password killer – when will you shred your password sheet?


Password-free // Be it customers, partners or employees – many users of digital services require secure and reliable identification. Today, this often still consists of a combination of a username and password, although password-free methods are already a reality.

The primitive “password” is famously one of the oldest security tools of the digital world and remains the dominant practice when logging into digital services. However, with rising cyber criminality and ever more sophisticated methods of attackers, this protective measure has increasingly become a risk factor in its own right. Eliminating passwords is not only long overdue from a security perspective, but also promises to significantly improve the login experience and simplify the use of digital services. Clearly, there are many compelling reasons to transition to password-free authentication.

Passwords belong in the shredder
Traditional authentication using passwords is one of the greatest threats to cyber security today. More than 80 percent of digital security leaks and attacks can be traced back to weak or stolen passwords. Take a closer look at how passwords are used from day to day, and it’s no wonder that this is one of the most popular targets for hackers.

No one wants to memorize long, complicated or different passwords or change them at regular intervals to fulfill the respective requirements. As a result, users often use identical character sequences for different services, and it is probably no surprise that passwords like “123456” and “password” are still among the most popular choices for login details of all kinds.

Password-free methods become a reality
Laboriously typing a complicated password could finally be a thing of the past, as the first steps towards a password-free future have now been taken. Today, users of digital services can enjoy a seamless, intuitive login experience.
A password-free solution can be realized using various methods, but does not rely on human knowledge for authentication like password do. Instead, they are based on more reliable factors, such as “ownership”, “inherence” or “location”. Often, these factors are combined to create a multi-factor authentication process, where at least two factors have to be fulfilled in order for users to access data and services.

With the public authentication standard FIDO2, a simple gesture, the touch of a finger, or a quick glance at the camera is usually enough to enable successful and secure access to online services. The new standard for password-free authentication makes the process much simpler for the user, while reducing the required IT costs and management effort. Weak points, such as phishing, brute force attacks or general security risks due to stolen, weak or reused passwords, can be eliminated and overall security significantly increased. Clearly, there are many com-pelling reasons for companies to transition to password-free authentication.

Philip Dieringer
Philip Dieringer

Philip Dieringer, Head Bern, ti&m.