It's safe to say that no one is crazy about passwords. For chief information security officers, there's the nightmare of employees leaving lists of passwords on their desks or putting them on Post-it notes on their computers. For workers, there's the inconvenience of having to enter multiple passwords to gain access to various devices and resources.
Passwordless authentication technology is designed to address these issues, and use of these tools is on the rise. A recent survey of 200 CISOs by Wakefield Research, sponsored by security vendor Portnox, showed that a significant majority (92%) of the security leaders said their organizations had implemented or were planning to implement passwordless authentication. That's up from 70% in 2024. CISOs cited improved employee productivity and enhanced user experience as the top benefits.
Passwordless authentication verifies user identity without the need for traditional passwords, through alternative methods such as hardware tokens, biometrics, or mobile push notifications. It offers potential benefits such as enhanced security and improved user experience.
Training services provider Universal Technical Institute has begun using a passwordless platform from Microsoft, "and as we expand adoption, the benefits show up quickly, with fewer password resets, fewer service desk tickets, and a faster start to the day," said Adrienne DeTray, senior vice president and CIO at the company.
"The bigger impact is cultural," DeTray said. "It shows that we're serious about making technology feel lighter and more human again. Over the years, we've added so many systems and logins that the weight of technology has become part of the work. This is one of those steps that helps remove that administrative drag and makes the ecosystem feel more seamless and connected."
It's not just about security, DeTray said, but user experience as well. "Every password reset or lockout slows people down and chips away at their focus," she said. "Passwordless takes that friction out of the day and gives people time back. It's part of designing a connected ecosystem where security and usability work hand in hand."
MFA losing status as 'gold standard' cybersecurity
R Systems International, a provider of digital product engineering services, is in the midst of a phased migration to a passwordless environment, said CTO Srikara Rao. "For us, this isn't about chasing a trend, it's a direct response to the fact that our previous gold standard, multi-factor authentication, is showing its age," Rao said. "The threat landscape has evolved past what traditional MFA can handle."
R Systems' decision to make the move is driven by both security and business enablement factors. "Credential-based attacks remain the top threat vector, with a significant rise in phishing attempts and several near-miss incidents underscoring the urgency to act," Rao said. "We want to promote solutions within our organization that are phishing resistant."
On the operational side, password resets have become quite expensive, Rao said. Resets can be costly due to direct labor expenses and significant indirect costs such as lost employee productivity and IT resource drain. Research firm Forrester estimates that a single password reset can cost $70, and this can add up quickly for large enterprises.
... continue reading