Less than one in ten businesses now rely solely on passwords for identity authentication, and the majority will be rid of them completely by 2025, according to research released.
Lawless Research collected survey responses from 600 professionals responsible for authentication methods at US companies of 100 or more employees in April to compile the report. It shows that almost four out of five (79 percent) online accounts are “protected” by duplicate passwords, and over half of all consumers use five or fewer passwords to protect every element of their online identity. Given that it takes less than a third of second for a hacker to crack a seven letter password, even unique passwords are much less secure than they once were.
Businesses are now catching on to this change, as seven out of ten companies no longer believe passwords offer sufficient security on their own. Passwords are still the most popular authentication, but while they are used by three-quarters of companies, only 7 percent rely on them exclusively.
Adding additional security to passwords seems to be an early step down a path away from passwords altogether.
36 percent of companies plan to stop using them within four years, and just as many plan to move beyond passwords in 5 to 9 years.
Companies are sold on the potential of behavioural biometrics, with 83 percent agreeing that it would increase security without adding friction to the user’s experience.
Over three-quarters of businesses surveyed plan to or have already implemented behavioural biometrics. Two-factor authentication is even more popular, however. It will be used by 85 percent of organizations within the next 12 months, with a roughly even split between those who have implemented it and those planning to.
Among the barriers to adoption, cost was most commonly cited (42 percent), but only slightly ahead of uncertainty about effectiveness (37 percent). Concerns about consumer resistance and a lack of knowledge about the technology were also chosen by 27 and 23 percent, respectively.