Fausto Oliveira, Principal Security Architect at Acceptto, says that passwordless is not the future. "It’s what we need now. Every year, security incidents continue to occur due to account takeover and the causes are well known. The most relevant of them is credential hijacking which accounts for approximately 80 percent of attacks," he says.
In the past, he notes, the focus on password complexity encouraged credential re-usage and increased the total cost of ownership (TCO) associated with password resets and Helpdesk calls without improving overall security. In general, he says, "any binary authentication, such as passwords, two-factor authentication (2FA) and some multi-factor authentication (MFA), including biometrics, are susceptible to fraud due to their binary nature. The industry needs to move away from passwords and start adopting passwordless solutions that do not threat authentication as a single event with a simple yes or no at point of entry, but as a continuum where user good behavior is constantly verified. It’s time to finally make World Password Day a thing of the past."