Passwordless login isn’t new, but, with the constant increase in data breaches from identity fraud, it is now a necessity.
By Tim Spring
The problems with passwords
Thirty-percent of users have experienced a security breach due to weak passwords and 81% of hacking-related breaches take advantage of stolen or weak passwords. We know that the username and password method of authentication has been flawed for years and cannot be fixed; and yet, it is still the most common way to access accounts online.
The problem is that there has not been an efficient way to create and secure a user’s account at the point of creation. Know-Your-Customer (KYC) practices are done to set up a bank account, but they can vary by organization and by area. Once this information has been collected, and an account has been set up, the easiest way that organizations control access is through a username and password.
Many organizations have chosen to continue using password security with multi-factor authentication (MFA). While this offers improved security, MFA is now under stress from attackers who have found ways to bypass it. MFA also requires additional effort from end users who have become accustomed to less friction in digital interaction, and as a result it is struggling with adoption and user fatigue.
But MFA simply underscores the problem of passwords in general: People hate them. First, we all have too many — one 2023 study found that the average person has 100 passwords. — Second, if they are easy to remember, they are easy to fake; and if they are hard to fake, they are hard to remember. Given all this, 45.7% of people admit to re-using passwords across multiple websites or accounts, making them even more insecure and dangerous.
It’s time to overhaul the system. With verifiable credential technology financial institutions do their initial KYC and issue their customers a verifiable account credential. Authentication and access is managed by cryptography, meaning that when the account holder presents their credential for login to their account, the bank instantly verifies that they are an account holder (the account holder also instantly verifies that they are interacting with their bank). No logins or passwords or MFA is needed.
The outcome of safer login methods
By removing passwords, your team becomes much more resilient toward phishing attacks, which is where a bad actor will try to get an unsuspecting person to share their login credentials by posing as a trusted party. Because of their decentralized nature, verifiable credentials cannot be lost, stolen, or copied, so you can be confident that the person presenting the credential is the person who should have it.
You will also see an increase in efficiency once passwords are removed. Employees spend 11 hours per year on average remembering or resetting passwords, which doesn’t sound like too much, but for an organization of 15,000 could be costing as much as $5.2 million in lost productivity.
Better efficiency doesn’t just mean less money lost and more productive employees, the customer experience also improves. 44% of consumers reported facing medium to high friction when engaging with their digital banking platform. This means that almost half of people trying to access online banking have some form of difficulty. Simple, quick authentication processes will make your organization stand out, keep your customers happy, and keep them coming back.
Passwordless login is the future of online interaction. To see an example of how this technology will soon allow you to interact with your financial institution you can see a demonstration here.
For questions about use cases or to learn more about your options for implementing decentralized identity technology you can get in touch with the Indicio team.
####
