Application Architecture Summit

Modern Application Development for Digital Business Success

REGISTER

January 26, 2023

Virtual Summit

The modern technological landscape requires users to save or memorize passwords for access to any sensitive information.

This is an activity many of us have come to accept as a necessary and time-consuming nuisance. In fact, it is reported that individuals spend at least 11 hours a year typing passwords in and have to reset them more than 5 times a month.

To combat this, many people have created common passwords. This combined with technological advancements and the ever-evolving skills of cyber criminals have made passwords increasingly insecure and a less-than-ideal method for authentication.

Despite this fact, the reality is passwords will still be the major player in authentication in the foreseeable future as estimates suggest it will take at least a few years to achieve a full-fledged passwordless future. Gartner Research predicts that only 20% of customer authentication transactions and 50% of the workforce will be passwordless by 2025.

However, technology’s three biggest players have begun setting the groundwork for moves that will push the world toward passwordless. Apple, Google, and Microsoft actually joined forces earlier this year and announced their intention to start supporting FIDO (“Fast Identity Online”) passkey authentication on all of their browsers, platforms, and operating systems before the end of this calendar year.

The intention of these major companies ultimately leaves other enterprises in a precarious state known as the “Pre-Post-Passwordless World.”

The Need for Adaptation and Preparation in the “Pre-Post-Passwordless World”  

So what are enterprises to do during this inexorable transition to passwordless? Here are three (3) main steps enterprises and their engineering teams should focus on to make it through the ever-confusing “Pre-Post-Passwordless World”:

1. Understand All Aspects of Their Security: If they haven’t already, companies must take an inventory on two fronts — software and applications that they provide themselves requiring passwords as well as those that they consume from other providers that need passwords. While this might seem like a minor exercise for IT departments, in reality, there is much to be learned on an organizational front. This includes how much enterprises rely on shadow IT and third-party SaaS services that are under or in control of password protection. As a result of this activity, enterprises will have a complete understanding of how much they and their end users rely on passwords, and where they will need to adopt different methods in the future.
2. Gain Extensive Knowledge of FIDO Passkeys: As technology’s biggest companies are planning to implement FIDO passkeys in the near future, it will undoubtedly impact all other enterprises offering software and applications. The engineering teams responsible for the incorporation of this new authentication method into applications must become experts on what they are, how they work, and how they will impact the user experience. The passkeys will leverage two different factors of authentication — (1) a private key (which is found locally on a personal device) used in combination with a public key (which is found on a website’s server), and/or (2) biometrics or a randomly-generate security code (often sent to a device or through a text message).
3. Prepare for the Transition to Passwordless: Enterprises have to account for the transition time between passwords and passwordless. This must be addressed as each effectively provides two entirely different user experiences within software and applications, and there will be a time-consuming and arduous process that must be deployed to enter the passwordless world. Enterprise engineering teams will need to have a full view of what this transition process will look like, how long it will take, and the steps they will need to take to ensure a seamless and error-free process for end users. What’s more, they will also have to plan to offer both traditional forms of authentication — email with a password, Single Sign On, etc. — as well as passkeys as the transition, won’t happen at the flip of a switch - it will be gradual.

While there is much for enterprises to do during this period of the “Pre-Post-Passwordless World,” there is also a lot to look forward to.

A More Seamless and Secure Future for Technology and Applications

There are several advantages for enterprises to consider as we prepare for a world where passwords will be relics of the past. Some more obvious benefits include a more intuitive and overall better user experience. The frustrated user will no longer be smashing keyboards or spending endless amounts of recovering their various accounts and applications because of pesky forgotten passwords. It will also bring an enhanced security profile as password hacks from cyber criminals will no longer be a concern for technology and application users.

This new passwordless world will also bring less obvious benefits such as the high dividends enterprises will yield. This includes bringing the sidelined less tech-savvy population into a newer, digitized world via seamless authentication as well as bringing users newer cross-device experiences that don’t exist yet. Ultimately, this means that enterprises will see more usage of their software and applications because one of the biggest barriers to entry — authentication — will be solved and become something that end users don’t have to worry about.

Although these benefits won’t be seen just yet, there is a more secure and seamless future ahead for the technology, enterprises should continue working towards a passwordless world and ensuring their applications and software are ready for the transition and can maintain great experiences for end users.

About Shiva Nathan
Shiva Nathan is the founder and CEO of Onymos. He is a seasoned technology executive and entrepreneur, having served as former head of Intuit’s Platform & Services organization, as well in executive roles at Oracle and CA.