Moving Past Passwords: Effective Authentication Methods
One of the key pieces of cyber security advice organisations still issue to their staff is to use a strong password and change it regularly. However, as cyber threats continue to grow in sophistication and scale, traditional password-based authentication is increasingly seen as the weakest link in cyber security.
Cyber criminals exploit weaknesses such as the reuse of passwords across multiple accounts and systems, and the use of passwords that are obvious and easy to guess, such as 12345 or even just “password”. In fact, research shows that reusing passwords is responsible for over 80 per cent of online data breaches.
Here’s a look at how our Leeds based cyber security services can help you identify the most effective modern authentication methods for your business.
Why is it important to start moving away from passwords?
Passwords are not just a security risk: they are a hindrance to users who need to devise and remember several passwords of suitable complexity across a range of accounts. Inevitably, staff passwords frequently get forgotten and require frequent resets, which is a burden for IT teams who have to spend hours dealing with basic admin rather than core tasks.
For businesses that require customers to log in with a password, mistyped or forgotten passwords can lead to abandoned online shopping carts. Rather than wait for a reset or create a new account, many customers will simply look elsewhere for the product.
Despite the drawbacks, password use remains widespread because it is cheap, straightforward and easy to implement. However, passwords are a leading cause of data breaches because they can easily be stolen or guessed. Most people have reused a password, or chosen a very simple one, at some point for convenience, as we all tend to have multiple accounts and devices.
However, as the drawbacks and security risks of using passwords continue to grow, it’s time for businesses and organisations to move away from heavy reliance on them.
Alternative authentication models
Here are some account set-up options that offer a more secure, modern and up-to-date approach to authentication.
Multi-Factor Authentication
Multi-factor authentication (MFA), sometimes also referred to as two-step verification (2SV) or two-factor authentication (2FA), requires more than one authentication method.
For example, it might involve combining a password with a PIN code sent securely by SMS or email, a link to another trusted device such as a mobile phone, or biometric details such as facial recognition or a fingerprint.
MFA is much more secure than using a password alone. It’s also widely supported by software, apps and devices, and reasonably cost-effective to implement. It is important for businesses to offer customers a range of authentication options, as they will have different preferences and technologies.
However, MFA can be a deterrent if it is required for every single use. Therefore, it is most suitable for higher risk activities, such as adding credit or debit card details to an account, making transfers or purchases with large sums of money, or changing key details of the account, such as name or address.
Single sign-on (SSO) variants are more suitable for widespread use in organisations and on customer-focused sites, as they only require MFA to be used at set-up.
Biometric Authentication
Biometric authentication requires the use of data such as fingerprints, facial recognition, or iris scanning to verify identity. This is highly accurate and difficult to imitate, and is also a quick and easy-to-use method. However, it does require the storage of the user’s biometric data, which may raise privacy concerns. It’s also dependent on compatible hardware.
FIDO2/WebAuthn
FIDO2 is a hardware-backed, passwordless authentication standard that uses public-key cryptography with physical tokens or built-in platform authenticators (such as Windows Hello or Face ID). It is often used where security is a critical issue, or where the account users are particularly security conscious.
Because no passwords are stored or transmitted, it offers strong phishing resistance. This authentication method suits medium to large enterprises or data centre environments prioritising zero trust security. However, it might deter users who are not tech-savvy or who don’t own a smartphone.
Risk-Based or Adaptive Authentication
This emerging method uses machine learning to assess login behaviour (e.g. time, device, location) and triggers additional verification only when the behaviour looks risky. It’s convenient and quick, but may not yet be widely supported.
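Products in this space typically use machine learning, as the article says; the block below is an added example (not code from the original article or from any product) that uses a transparent, rule-weighted score instead, so the decision logic is visible. It takes a per-user profile of known devices, countries and working hours plus the last login location, scores a new attempt on new device, new country, off-hours, recent failures and "impossible travel" (distance since the last login divided by elapsed time), and maps the score to allow, step-up (require MFA) or deny. The profile, weights, thresholds and all names are constructed assumptions of this example.

```javascript
// Constructed profile for one user; a real system would build this from login history.
function exampleProfile() {
  return {
    knownDevices: new Set(['laptop-7f3a']),
    knownCountries: new Set(['GB']),
    workingHoursUtc: [8, 18], // [start, end)
    lastLogin: { lat: 51.5074, lon: -0.1278, time: '2024-05-01T09:00:00Z' }, // London
  };
}

// Assumed weights and thresholds; tune from real data.
const WEIGHTS = { newDevice: 40, newCountry: 30, offHours: 15, recentFailures: 25, impossibleTravel: 50 };
const STEP_UP_AT = 30;
const DENY_AT = 70;
const MAX_PLAUSIBLE_KMH = 900; // roughly airliner speed

// Great-circle distance between two {lat, lon} points in kilometres.
function haversineKm(a, b) {
  const R = 6371;
  const toRad = (d) => (d * Math.PI) / 180;
  const dLat = toRad(b.lat - a.lat);
  const dLon = toRad(b.lon - a.lon);
  const s = Math.sin(dLat / 2) ** 2 +
    Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * R * Math.asin(Math.sqrt(s));
}

// Score one login attempt against the profile; returns the score and why.
function scoreLogin(profile, attempt) {
  let score = 0;
  const reasons = [];
  const flag = (k) => { score += WEIGHTS[k]; reasons.push(k); };

  if (!profile.knownDevices.has(attempt.deviceId)) flag('newDevice');
  if (!profile.knownCountries.has(attempt.country)) flag('newCountry');

  const hour = new Date(attempt.time).getUTCHours();
  const [start, end] = profile.workingHoursUtc;
  if (hour < start || hour >= end) flag('offHours');

  if ((attempt.recentFailures || 0) >= 3) flag('recentFailures');

  if (profile.lastLogin && attempt.location) {
    const km = haversineKm(profile.lastLogin, attempt.location);
    const hours = (Date.parse(attempt.time) - Date.parse(profile.lastLogin.time)) / 3.6e6;
    // Moved far, and either too fast or with a non-positive elapsed time.
    if (km > 50 && (hours <= 0 || km / hours > MAX_PLAUSIBLE_KMH)) flag('impossibleTravel');
  }
  return { score, reasons };
}

// Map the score to an action: allow silently, require a second factor, or refuse.
function decideLogin(profile, attempt) {
  const { score, reasons } = scoreLogin(profile, attempt);
  const decision = score >= DENY_AT ? 'deny' : score >= STEP_UP_AT ? 'step-up' : 'allow';
  return { decision, score, reasons };
}

// After a successful step-up, the new device/country become known, so the next
// login from them is allowed without friction.
function learnFromSuccess(profile, attempt) {
  profile.knownDevices.add(attempt.deviceId);
  profile.knownCountries.add(attempt.country);
  if (attempt.location) profile.lastLogin = { ...attempt.location, time: attempt.time };
}

// Stand-alone demo over three constructed attempts.
function demo() {
  const profile = exampleProfile();
  const base = { deviceId: 'laptop-7f3a', country: 'GB', time: '2024-05-01T10:00:00Z',
                 recentFailures: 0, location: { lat: 51.5074, lon: -0.1278 } };
  console.log('usual:', decideLogin(profile, base));
  console.log('new phone:', decideLogin(profile, { ...base, deviceId: 'phone-91c2' }));
  console.log('New York an hour later:', decideLogin(profile,
    { ...base, country: 'US', location: { lat: 40.7128, lon: -74.006 } }));
}
demo();
```

The point the article makes, that users see extra verification only when something looks off, is the middle band: a known device at a normal hour from the usual place is let straight through, while a new device triggers a second factor rather than a refusal, and only several signals together lead to a block.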