Security experts have discussed the demise of the passwords for years. As early as 2004, Bill Gates told the RSA Security Conference that passwords “just don’t meet the challenge for anything you really want to secure.” Change has been slow, but the sudden increase in remote working and the need for enterprises to become touchless as they try to encourage teams back to the office is increasing traction. Here we look at the future of passwordless authentication - using the example of trusted digital identities - and share tips on choosing a solution that works for your organisation.

The move away from passwords was beginning to gain momentum pre-pandemic. Gartner reported an increase in clients asking for information on ‘passwordless’ solutions in 2019. Now Gartner predicts that 60% of large and global enterprises, and 90% of midsize enterprises, will put in place passwordless methods by 2022. This is up from 5% in 2018. The many limitations of passwords are well-documented, but the cost of data breaches may be the reason behind this sharp upswing. Stolen credentials – usually passwords – and phishing are the top two causes of data breaches according to the 2019 Verizon Data Breach Incident Report. Each breach costs businesses an average of anywhere between £4M to £8M depending on which studies you read.

A catalyst for change

As in so many other areas, the pandemic has been a catalyst for change. Newly remote workers using BYOD devices and home networks, sharing devices with other family members, and writing down passwords at home all make breaches more likely. And seasoned home workers represent a risk too. 

It also means that enterprises are developing new procedures to mitigate the spread of disease. This includes a thorough examination of any activity that requires workers to touch surfaces. Entering passwords on shared keyboards or touchscreens falls squarely in this area of risk. As does handling physical smart cards or key fobs. Enterprises are expanding their searches from “passwordless” to “passwordless and touchless,” looking to replace physical authenticators. In the quest to go touchless these are items that can be easily eliminated.

The future of passwordless authentication

Using fingerprint or facial recognition often only provides a new front-end way to activate passwords

Common alternatives to passwords are biometrics. But, using fingerprint or facial recognition often only provides a new front-end way to activate passwords. Passwords are still required for authentication after the biometric scan and these live in a central repository vulnerable to hackers. With one successful hack of the central repository, cyber-criminals can swipe thousands of details. In other words, biometrics on their own are not an improvement in security, only a better user experience. They need to be combined with a different approach that adds another layer of security.

A more secure option is to move away from the centralised credential repository to a decentralised model. For example, one based on trusted digital identities. This is where digital certificates are stored on users’ phones. Think of encrypted digital certificates as virtual passports or ID cards that live on a worker’s device. Because they are stored on many separate phones, you are able to build a highly secure decentralised credential infrastructure.

A solution that uses people’s phones is also compatible with touchless authentication systems. You can replace smart cards and key fobs with a phone-based security model and reduce the number of surfaces and items that people touch. This is especially beneficial for workplaces where people have to visit different sites, or for example in healthcare facilities. Replacing smartcards with a phone in a pocket reduces the number of items that clinicians need to take out and use a smartcard between and in different areas, which may have different contamination levels or disease control procedures.

How do trusted digital identities work?  

Workers unlock their mobile devices and access their trusted identity using fingerprint or facial recognition

Here’s an example installation. You install a unique digital certificate on each user’s mobile device — this is their personal virtual ID card. Authorised users register themselves on their phones using automated onboarding tools. Workers unlock their mobile devices and access their trusted identity using fingerprint or facial recognition. Once they are authenticated, their device connects to their work computer via Bluetooth and automatically gives them access to the network and their applications with single sign on (SSO). This continues while their phone is in Bluetooth range of their workstation, a distance set by IT. When they leave their desk with their phone, they go out of range and they are automatically logged out of everything.

Five tips on choosing a passwordless solution

  • More automation means less disruption

Consider how you can predict and eliminate unnecessary changeover disruptions. The task of onboarding large or widely dispersed employee populations can be a serious roadblock for many enterprises. Look for a solution that automates this process as much as possible.

  • Scalability and your digital roadmap

Will you maintain remote working? Having a high proportion of your team working remotely means that passwordless solutions will become more of a necessity. Are you expecting to grow or to add new cloud apps and broader connectivity with outside ecosystems? If so, you need password authentication that will scale easily.

  • Encryption needs and regulatory requirements

If your workers are accessing or sharing highly sensitive information or conducting high-value transactions, check that a solution meets all necessary regulatory requirements. The most secure passwordless platforms are from vendors whose solutions are approved for use by government authorities and are FIDO2-compliant.

  • Prioritise decentralisation

Common hacker strategies like credential stuffing and exploitation of re-used credentials rely on stealing centralised repositories of password and log-in data. If you decentralise your credentials, then these strategies aren’t viable. Make sure that your passwordless solution goes beyond the front-end, or the initial user log-in and gets rid of your central password repository entirely.

  • Make it about productivity too

Look for a solution that offers single sign on to streamline login processes and simplify omnichannel workflows. For workers, this means less friction, for the enterprise, it means optimal productivity.

Security improvements, productivity gains and user goodwill all combine to form a compelling case for going passwordless. The additional consideration of mitigating disease transmission and bringing peace of mind to employees only strengthens the passwordless argument. The new end goal is to do more than simply replace the passwords with another authenticator. Ideally, enterprises should aspire to touchless workplace experiences that create a safer, more secure and productive workforce.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Xavier Coemelck Regional Vice President Sales & Services, Entrust Datacard

In case you missed it

Historic Spanish building upgrades security with ASSA ABLOY's SMARTair® wireless access control
Historic Spanish building upgrades security with ASSA ABLOY's SMARTair® wireless access control

Schools present unique challenges for security and access control. But what about a school that is also a heritage site of exceptional value? The Colegio Diocesano Santo Domingo in Orihuela, Spain, is more than just a school. Its historic buildings date to the 1500s, a heritage site as well as a place of learning — with a museum that requires the protection of the same access system. The college buildings are a Resource of Cultural Interest and on Spain’s heritage registry: They must not be damaged. Wire-free electronic locks were the obvious answer.   A wireless solution SMARTair® wireless locking devices now control access through 300 doors around the school. Electronic escutcheons, knob cylinders, and wall readers (including lifts) are connected to intuitive SMARTair software by a network of 38 HUBs. The school chose SMARTair Wireless Online management for their new keyless access system. This powerful management option enables real-time control of access to and around the site, even if the school’s data network is down. Automated emails inform security staff of any incidents, keeping students, teachers, equipment, and precious heritage safe. Real-time key management “The main benefit is the ease of real-time key management — from any place and at any time — via the wireless online management system,” says the school’s IT Manager, Francisco Fernández Soriano. “This increases security for children and for staff because no unauthorised people can enter the school.” In addition to the main entrances and classrooms, access to private spaces is constantly monitored “In addition to the main entrances and classrooms, access to private spaces such as lifts, offices, staff rooms, the church, the museum, the library, and the IT room is constantly monitored.” Scalable modular system Installation of the school’s SMARTair system required minimal work. Some doors date to the 16th century, so major alterations were not possible. “The system was installed without a hitch and also without any disruption to classes,” he adds. Because SMARTair is a modular system, scalability is built in. They can extend or fine-tune their access system when they choose. Indeed, the school’s “SMARTair Phase II” is already under discussion.

Hanwha Techwin America’s Wisenet Q series 4MP cameras safeguard Anaheim Union High School District (AUHSD)
Hanwha Techwin America’s Wisenet Q series 4MP cameras safeguard Anaheim Union High School District (AUHSD)

Hanwha Techwin America, a global supplier of IP and analogue video surveillance solutions, announced that Anaheim Union High School District (AUHSD), one of the largest school districts in California, has strengthened its security infrastructure with a district-wide solution that includes 1,250 Hanwha Techwin Q series cameras across 20 different locations. Anaheim Union High School District Located just outside of Los Angeles, AUHSD is a public-school district serving portions of the Orange County cities of Anaheim, Buena Park, Cypress, La Palma and Stanton and has an estimated 2,900 employees in 20 different facilities. In total, it serves approximately 29,000 students from grades 7 to 12. Despite its size and expanse, the district was lacking a robust security camera system that could allow administrators to monitor or document incidents on campus. “Other than a few sites with some DVR-based systems, we did not have any security cameras,” explained Erik Greenwood, Chief Technology Officer for AUHSD. IP security cameras installed AUHSD decided to strengthen its security infrastructure with a district-wide solution Additionally, as the district continued to grow, so did the seriousness of some of its security issues. After several security incidents and school shootings at other campuses across the U.S., the district faced mounting concerns from the community. AUHSD decided to strengthen its security infrastructure with a district-wide solution that would include IP security cameras at its centre. AUHSD officials collaborated with school principals, administrative staff, and local police departments to identify key areas where cameras should be placed, such as gathering points for students and the buildings’ main entrances and exits, as well as what specifications the system should have to produce viable footage for law enforcement. Wisenet Q series 4MP cameras The district brought on CA-based integrator, HCI Systems Inc., which recommended Hanwha Techwin’s QNV-7080R 4MP Network IR Vandal-Resistant Cameras. The Wisenet Q series 4MP cameras enable high-resolution monitoring with clear images, and the innovative hallway view feature maximises the area of surveillance in narrow locations, such as school corridors. In addition, these Q series cameras are equipped with IR function, enabling clear, sharp images in dimly lit environments and during the night. Robust set of technical specifications According to Greenwood, the Hanwha cameras were chosen as the key part of the system for several reasons. He said, “We had a very robust set of technical specifications in our RFP, and the image quality, frame rate and light specifications of the Hanwha cameras matched our requirements.” In addition to their rich feature set, the Hanwha camera configuration presented a streamlined solution. Greenwood further stated, “We didn't have a large quantity of different camera models which meant we didn’t need to keep stock of all sorts of lenses and other accessories. The committee liked that approach from a troubleshooting and ongoing maintenance standpoint.” Vandal resistance  The vandal-resistant features of the Hanwha cameras were also a big factor in their decision process The vandal-resistant features of the Hanwha cameras were also a big factor in their decision process since the camera domes can easily be cleaned or swapped without having to replace the entire camera. The Hanwha cameras were installed throughout the district in entrances, exits, exterior restroom doors, staff work areas and in general meeting areas. They are helping the district keep eyes on campus vandalism, graffiti, any other potential threats and, in some cases, even monitoring certain personnel issues, such as inappropriate use of school equipment. Campus surveillance When an incident is reported, administrators can quickly access and review the security footage to see what happened. In all, Greenwood said, “It's been a great project that involved everyone and the new cameras have some great qualities.” Now that the installation is complete, AUHSD is taking a closer look to see where there may still be some blind spots and exploring where they might benefit from potential expansion.

Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach
Wire-free, mobile first and data rich? The future of access control is within almost anyone’s reach

The 2020s will be a wireless decade in access control, says Russell Wagstaff from ASSA ABLOY Opening Solutions EMEA. He examines the trends data, and looks beyond mobile keys to brand new security roles for the smartphone. The benefits of wire-free electronic access control are well rehearsed. They are also more relevant than ever. A wireless solution gives facility managers deeper, more flexible control over who should have access, where and when, because installing, operating and integrating them is easier and less expensive than wiring more doors. Battery powered locks Many procurement teams are now aware of these cost advantages, but perhaps not their scale. Research for an ASSA ABLOY Opening Solutions (AAOS) benchmarking exercise found installation stage to be the largest contributor to cost reduction. Comparing a typical installation of battery-powered Aperio locks versus wired locks at the same scale, the research projected an 80% saving in installers’ labour costs for customers who go cable-free. Battery powered locks all consume much less energy than traditional wired locks Operating costs are also lower for wireless: Battery powered locks all consume much less energy than traditional wired locks, which normally work via magnets connected permanently to electricity. Wireless locks only ‘wake up’ when presented with a credential for which they must make an access decision. AAOS estimated a 70% saving in energy use over a comparable lock’s lifetime. Find out more about wireless access control at ASSA ABLOY's upcoming 29th June webinar Deploying wireless locks In short, every time a business chooses a wireless lock rather than a wired door, they benefit from both installation and operating cost savings. A recent report from IFSEC Global, AAOS and Omdia reveals the extent to which the advantages of wireless are cutting through. Responses to a large survey of security professionals — end-users, installers, integrators and consultants serving large corporations and small- to medium-sized organisations in education, healthcare, industrial, commercial, infrastructure, retail, banking and other sectors — suggest almost four locations in ten (38%) have now deployed wireless locks as a part or the whole of their access solution. The corresponding data point from AAOS’s 2014 Report was 23%. Electronic access control Electronic access control is less dependent than ever on cabling Without doubt, electronic access control is less dependent than ever on cabling: Even after a year when many investments have been deferred or curtailed, the data reveals fast-growing adoption of wireless locks, technologies and systems. Is mobile access control — based on digital credentials or ‘virtual keys’ stored on a smartphone — an ideal security technology for this wire-free future? In fact, the same report finds mobile access is growing fast right now. Among those surveyed, 26% of end-users already offer mobile compatibility; 39% plan to roll out mobile access within two years. Before the mid-2020s, around two-thirds of access systems will employ the smartphone in some way. The smartphone is also convenient for gathering system insights Driving rapid adoption What is driving such rapid adoption? The convenience benefits for everyday users are obvious — witness the mobile boom in banking and payments, travel or event ticketing, transport, food delivery and countless more areas of modern life. Access control is a natural fit. If you have your phone, you are already carrying your keys: What could be easier? IBM forecasts that 1.87 billion people globally will be mobile workers by 2022 Less often discussed are the ways mobile management makes life easier for facility and security managers, too. Among those polled for the new Wireless Access Control Report, almost half (47%) agreed that ‘Mobile was more flexible than physical credentials, and 36% believe that mobile credentials make it easier to upgrade employee access rights at any time.’ IBM forecasts that 1.87 billion people globally will be mobile workers by 2022. Workers in every impacted sector require solutions which can get the job done from anywhere: Access management via smartphone offers this. Site management device The smartphone is also convenient for gathering system insights. For example, one new reporting and analytics tool for CLIQ key-based access control systems uses an app to collect, visualise and evaluate access data. Security system data could contribute to business success. The app’s clear, visual layout helps managers to instantly spot relevant trends, anomalies or patterns. It’s simple to export, to share insights across the business. Reinvented for learning — not just as a ‘key’ or site management device — the phone will help businesses make smarter, data-informed decisions. The smartphone will also play a major role in security — and everything else — for an exciting new generation of smart buildings. These buildings will derive their intelligence from interoperability. Over 90% of the report’s survey respondents highlighted the importance of integration across building functions including access control, CCTV, alarm and visitor management systems. Genuinely seamless integration They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term Yet in practice, stumbling blocks remain on the road to deeper, genuinely seamless integration. More than a quarter of those polled felt held back by a lack of solutions developed to open standards. ‘Open standards are key for the momentum behind the shift towards system integration,’ notes the Report. As well as being more flexible, open solutions are better futureproofed. Shared standards ensure investments can be made today with confidence that hardware and firmware may be built on seamlessly in the future. They offer greater peace of mind than proprietary solutions which ‘lock you in’ for the long term. Open solutions and mobile management are critical to achieving the goals which end-users in every vertical are chasing: scalability, flexibility, sustainability, cost-efficiency and convenience.