Passwordless Authentication The next breakthrough in secure digital transformation

By the World Economic Forum In collaboration with the FIDO Alliance

Introduction

The use of passwords for authentication purposes forces users to create and memorize complex amalgams of letters, numbers, symbols, and cases; to change them frequently, and try not to re-use them across accounts. Users have to manage anywhere from 25 to 85 passwords and their information sources and tools are exploding exponentially. Wanting to sign on to digital tools simply and efficiently, they are increasingly challenged and consequently tend to re-use the same passwords repeatedly.

Passwords are indeed at the heart of the data breach problem

According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related breaches involved compromised and weak credentials, and 29% of all breaches, regardless of attack type, involved the use of stolen credentials.5 Such attacks participate in a thriving underground economy that further exacerbates the problem.

While company adoption of platform businesses is increasingly driving business valuation and growth, the problem of digital trust is growing equally fast and eroding confidence across online communities. Individuals are wary about giving out too much personal information; partners fear the loss of confidential information and business processes, and global enterprises risk the loss of reputation and revenues when systems and customers are compromised.

Beyond the technological answers and in line with systems design thinking, authentication has to be an integral part of the experience lifecycle. User experience has become such a competitive differentiator that it is the main driver of the transition to passwordless technologies. Authentication ought to be designed holistically, leveraging open standards to ensure interoperability within and beyond a company and built upon adaptive, secure, and privacy-minded building blocks, to foster user trust, drive better adoption of services, and thus successfully pass the test of time. Why? For prosperity and security to reinforce each other.

The first section of this paper sheds light on the importance of authentication in digital transformation efforts, to support government and commercial leaders structure their approach. The second introduces a framework for future authentication systems, and the third builds the case for passwordless authentication. The paper concludes with a shortlist of five key passwordless technologies available for use.

It is worth emphasizing once more the importance of adaptiveness: security enhancement is a continuous process, there is no magic bullet. Cybercriminals will adapt and develop new means of attack, but the alternative authentication mechanisms presented here provide greater challenges to them and greater security in the foreseeable future.

Read more here