Going ‘Passwordless’ Is Not a Simple Process and Should Not Be Rushed

Businesses need to scope, plan, and implement with care

By Alex Tupman, CEO, Espria

Organisations rushing to adopt passwordless authentication are doing so for a variety of reasons: to deliver stronger security, reduced IT support costs, support remote working and to adopt a Zero Trust approach to verify each access request. But according to managed services provider Espria, going passwordless is not a simple process and should not be rushed.

Dave Adamson, CTO at Espria, stated: “Passwordless authentication simply replaces passwords with a more suitable authentication factor. This means moving from a centralised credential repository (where passwords are saved) to a decentralised model in which no passwords are saved and each individual is responsible for their own passwordless authentication. Thus eliminating threats posed by passwords.”​

“But unlike Multifactor Authentication (MFA) that does secure organisations, users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because there’s no password to remember, and they’re compatible across most devices and systems.”

One of the biggest benefits of going passwordless is its simplicity. While most people have already adjusted to using password managers, there are still some passwords (like master passwords) that need you may need to remember.

Adamson continued: “By going passwordless, you can verify your identity without having to remember anything. You may need to authenticate with a mobile app or scan your face or fingerprint, and that’s it.”

However, there are barriers to immediate adoption and a host of elements to consider before implementing a passwordless environment to the enterprise. Central to this is inertia. According to a survey from Cyber Security Insiders some 22% of businesses still need persuading of the benefits of going passwordless. This could be because of the difficultly in adapting an entire IT infrastructure to a passwordless login. According to this research, two thirds of its sample claimed they did not have the right in-house teams and skills for the seamless adoption of passwordless authentication.

Adamson continued: “Many applications are just not designed to go passwordless because identity authentication has traditionally been fragmented. It’s a complicated picture, even among the cloud providers that include multifactor authentication and identity management as part of their services.

“We are seeing a number of organisations who are already turning to recoding apps so they can support passwordless authentication. Based on feedback from customers we have worked with, this effort can take months.”

“There is no doubt that this is a journey many organisations are now embarking on as they realise that passwords really are the weakest link and are costing billions in terms of data breaches. But it is not an immediate fix – it is going to take time to scope, plan and implement. It certainly cannot be rushed,” concluded Adamson.

About the Author

Alex Tupman AuthorAlex Tupman, CEO, Espria.  He became CEO of Mode Solutions, an award winning provider of managed IT services to UK businesses in March 2021 following almost seven years at Conn3ct, a specialist global CX and UC managed services provider, where he leads the original management buyout of the business in 2014.

He has over two decades of experience in business growth, both organic and through M&A, having facilitated eight strategic acquisitions and two disposals as well as the management buyout and secondary buyout of Connect.

He believes in a leadership style that encourages teamwork and communication at every level. He believes that prioritising the discovery and development of new talent creates a first-class team of trusted employees and builds a positive, empowering environment.

Winner of Ernst & Young’s Entrepreneur of the Year award, in 1999 he founded his first technology company, which developed into one of the UK’s leading Systems Integrators, employing 600 people. As CEO, he floated the company on the AIM market of The London Stock Exchange in July 2005. Driven and competitive, he am a keen sportsman, especially rugby union, where he represented England at U19 level.

Alex can be reached online at Linkedin and at our company website espria.com

November 28, 2022

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...