Gartner has published a roadmap for companies that want to migrate to a passwordless authentication setup. The report identifies some of the most common roadblocks, and details some basic steps that businesses can take to improve their security in the short term while laying the groundwork for a more permanent switch.
The first task, according to Gartner, is to figure out exactly what the organization wants its new authentication system to look like. Each organization will have different security needs, with different technologies and different thresholds for risk and the amount of friction they are willing to tolerate. That needs to be taken into consideration when implementing a new security plan, especially since there is not yet a universal passwordless authentication standard.
In that regard, Gartner noted that the lack of a universal standard is one of the major sticking points for many businesses. Administrators who do not have a clear vision will often do nothing instead of working proactively to improve their security. Identifying key priorities can help bring the task into focus, and generate forward momentum with manageable goals that are easier to achieve.
The next step is to “minimize time to value.” In plain terms, that means organizations should take the easy wins and implement passwordless security solutions that take advantage of their existing hardware. For example, many businesses have already made the switch to Windows 10, and can therefore start using Windows Hello for Business with minimal setup and without needing to make any significant investments in new technology.
Magic links and phone-as-a-token solutions are among the other more accessible passwordless security options. Gartner noted that many of those solutions are not perfect, and may not provide coverage for an entire organization. However, some progress is better than no progress, and solutions that use current technology can overcome any objections that cost-conscious managers may have about spending money on a new authentication framework.
Finally, Gartner encouraged businesses to be forward-thinking, so they can implement a more universal authentication solution in the future. The company noted that the FIDO2 protocol is poised to become the new standard for enterprise applications, and that 25 percent of all multi-factor authentication transactions will utilize a FIDO token by 2025. Biometric authentication is also expected to become more popular in consumer-facing channels.
Gartner stressed that true universal coverage may not be achievable, so organizations should be prepared to invest in dedicated tools to enable passwordless security for anything that sits outside of their central infrastructure. The firm believes that 50 percent of all business transactions and 20 percent of customer authentication events will be passwordless within the next three years.
March 8, 2022 – by Eric Weiss