The planned end of passwords
With 60% of data breaches coming from weak or overused passwords, cybersecurity is becoming a priority for many companies. Account takeover fraud, fueled by phishing or malware, creates huge costs for companies. On average, the cost of each attack is estimated at $1.8 million for businesses. The average cost to recreate a password within a company is estimated at $70 per password, because it takes into account the time spent by technical support. And an employee can waste up to 11 hours a year logging in and changing passwords.
According to Michael Chertoff, former U.S. Secretary of Homeland Security, “the password is the weakest link in today’s cybersecurity.” The common vector for most attacks is the password. Creating a much more secure digital future is becoming essential!
While companies favor two-factor authentication, such as combining the password with an SMS, the general public has often preferred biometric solutions since the success of Apple’s Face ID. It is therefore necessary to find the right balance between security and ease of use in the user/customer experience. So shouldn’t we already be looking at a new generation of authentication tools?
Many startups like Hypr, Beyond Identity or Stytch already offer passwordless authentication solutions, mainly using objects like smartphones or other connected objects. Hypr, which we had already talked about at NRF 2018, lets users, for example, log in to their computer directly with a token and their smartphone, with no more need for a password to be renewed every 3 months. These startups are paving the way for the next generation of multi-factor authentication, called invisible multi-factor authentication (iMFA).
With all new identification solutions, it is important to find the right balance between security and ease of use. iMFA could significantly limit the security vulnerabilities related to the use of passwords while simplifying the user experience as much as possible.
The idea is to use invisible data such as behavioral data, biometric data, location of smartphones, MAC address of devices, … With iMFA, the goal is to identify users based on what they do, what they hold, what they are and what they know, and not based on a password.
This new generation of multi-factor identification will not only secure access to data but also has the potential to simplify and streamline the identification of consumers on e-commerce sites, for payments and for the administrative management of personal information.