Don’t be surprised if your company decides to do away with password logins. A new survey has found that most organizations are leaning toward phasing out password authentication.
The results comes from Wakefield Research, which surveyed 200 IT decision makers in the U.S. last month. Sixty-nine percent of the respondents said they will probably do away with passwords completely in the next five years.
Password login systems, though commonplace, are too vulnerable to hacking, according to SecureAuth, the company that commissioned the study. Not surprisingly, SecureAuth sells alternatives to password-based logins.
“It’s indisputable that passwords aren’t a safe authentication method,” SecureAuth CEO Craig Lund said on Thursday. “They (the IT decision makers) recognize that and want to get away from them.”
Recent data breaches involving stolen login credentials highlight the problem. Last month, Yahoo reported that a hacking incident from 2014 may have lifted details from 500 million user accounts, including email addresses and hashed passwords.
Not helping the matter is that users sometimes secure their accounts with easily guessable passwords. In other cases, they get lazy and re-use one password for multiple internet accounts.
SecureAuth specializes in other types of logins. Typically, they involve a combination of methods, including one-time pass codes. These are sent to the user over a registered phone number or email address as a way to grant access.
Other methods can involve biometrics, such as scanning the user’s fingerprint. Or they can look at the time and place where the user is accessing the service and whether it fits into the person’s normal patterns, he said.
SecureAuth can also go as far as monitoring the keystrokes and mouse movement on a user’s device and analyzing them for atypical behavior.
“One of our clients is actually moving completely away from passwords,” Lund said. When they do, only certain pre-checked devices will be able access the company network. Those devices will be assigned to specific users, and SecureAuth will monitor the access for any abnormal activity, like logins from remote locations or at times when those users don’t normally work.
“By combining all those methods together, we can be confident of who these users are, and where they are,” Lund said.
Although many organizations want to move away from passwords, there are still challenges to doing it. According to the survey, 42 percent of respondents said a “disruption to users’ daily routine” stood in the way of making changes.
Another 42 percent said resistance by company executives was a problem.