Solutions to this Password Problem
If so many people are being turned away from websites because they do not want to vary their passwords, what can we do as a society to encourage proper web security? Beyond Identity itself is working on a solution to this problem. It recently released a product that allows businesses to set up passwordless authentication:
“The tool lets visitors opt in to passwordless authentication by signing up with their username (typically an email address). They are then sent a link; when they click, a public-private key pairing is made and an X.509 certificate gets issued. From then on, when the visitor accesses the site, they can enter their email address and are fully logged on.”
Of course, this comes with its own problems. While it’s far easier for people to log into their accounts, it’s also far less secure. Considering that even the most trivial online accounts (for things like pizza delivery or streaming shows online) can hold credit card information, people would need to be very cautious about using this method.
“And then consumers will demand passwordless for their most treasured and important online accounts – banking and shopping. Next, they’ll want that same convenience and security for their work accounts.” – Jack Poller, Senior Analyst at Enterprise Strategy Group
A lot of cyber security professionals are concerned about this method. Upon reading the report above, companies may begin licking their chops and thinking about how removing passwords could help them optimize sales and limit the number of abandoned shopping carts, but if something does go wrong, it will likely be the customer who pays for it.
“What helps account takeovers is true multifactor authentication and the use of password managers, which can help minimize password resets or enable the ability to detect account takeover. While e-commerce sites want to maximize the flow of orders, that priority can’t lead to a security race-to-the-bottom.” – John Bambenek, Principal Threat Hunter at Netenrich