"It's possible to get there, says Shahrokh Shahidzadeh, CEO at authentication vendor Acceptto, but today, many companies still fall back to passwords or PINs. "Unfortunately, it takes a concerted effort and cross-organization collaboration," he says. "The whole industry relies on passwords."
As a result, most companies who offer passwordless authentication, still have passwords on the back end -- with all the security problems that they create. The passwordless authentication is a choice offered to customers in addition to passwords, not a full replacement. Still, he says, 5 million end users at companies like Aetna have opted into Acceptto's password authentication system."
"Unless you have solutions that keep track of the behavior of people, people will get privileged access to data," says Shahidzadeh. "It has to be cognitive and continuous and actionable -- if you detect an anomaly, you need to kick the person out."