As companies undergo digital transformation, almost every aspect of their business operations is now or will be digitally available. In today’s rapidly changing digital world, access management is critical to delivering personalized experiences, but the increasing threat of hackers requires a robust security infrastructure.
Recently, many cases have emerged where huge amounts of data have been leaked or accounts have been compromised due to an ineffective authentication system.
Uber is investigating a cyberattack on a provider’s website that left over 70,000 employee details in the hands of hackers. Even Indian Railways sought help from CERT-IN last month to investigate a data breach it claims is affecting 3 million users.
To deal with the volatile security scenario, companies are looking to passwordless authentication systems to enable hassle-free but more secure sign-ins.
We spoke to Tushar Haralkar, Technical Sales Leader, IBM Security Software, India/South Asia Region about this paradigm shift.
Why a move towards a passwordless security infrastructure?
He explains: “When we set a password, we have to follow a lot of password guidelines, and then it also expires after a predefined time. On average, you have to remember at least 15 passwords. So it involves too much complexity.”
He further added: “Nevertheless, this is not enough because the passwords are still being compromised. So we’re seeing a shift from just one factor of authentication, which is username and password, to multiple factors, and then to biometrics, which is face recognition, fingerprint.”
What are the current solutions?
Haralkar says, “The next layer is why do we even have the password? Because if there’s a password, it’s hard to remember, it gets compromised.”
IBM introduced the Security Verify app to provide an access management service, he said.
It helps enforce risk-based access policies that offer minimal authentication friction when the user is known and stronger multi-factor authentication when risk is elevated, the New York-based company claims.
It includes passwordless authentication, single sign-on access and risk-based multi-factor authentication (MFA), among others.
So will passwords be a thing of the past?
Tushar says passwords for critical operations will remain, but their use will be very limited. With the advent of behavioral biometrics, organizations can also tell whether it’s a real user or someone else by checking how the user interacts with the device.