According to a recent cybersecurity study, over 80% of hacking-related breaches result from weak passwords. 24% of consumers have used passwords such as “password,” “Qwerty,” and “123456” in their lifetimes, and more than 60% of professionals use the same password for their job and personal apps. It’s little wonder businesses of all shapes and sizes are rethinking their cybersecurity policies and considering fresh approaches to reduce breaches.
As an app developer, finding new ways to make your software more secure, and reduce the chances of customer data entering the wrong hands, is critical. One wrong move and your app’s reputation could be destroyed, or worse still, you could be fined by regulators for data breaches. More and more developers are using technology such as two-factor authentication and biometrics, integrating Touch ID and Face ID into their software. Other solutions include tools and APIs like “Sign in with Google” and “Sign in with Apple.” But the next cybersecurity development is passwordless authentication: that is, user accounts without passwords at all.
When there are no credentials to steal, attackers have a harder job if they want to access personal data. And for consumers, it means one less password to remember or store in their digital wallet. Apple recently announced it would adopt passwordless technology in iOS 16 with its PassKey feature, but you can implement the technology across all of your platforms.
Below, we’ve put together some of the benefits and shared the potential challenges ahead…
Right now, one of the biggest challenges for developers is educating users on passwordless technology. Consumers are stuck in their ways, and many want to stick to tradition. After all, it’s easy to use a tool like LastPass to save all of your passwords in one place and have them auto-fill on your smartphone and desktop. Users may be sceptical of the technology, and you’ll need to explain the benefits of doing so. Stress the rise of cyberattacks and the importance of keeping data out of harm’s reach, and make the onboarding process as simple and straightforward as possible. The good news is that almost one-third (33%) of IT departments have already adopted passwordless authentication, so B2B clients should have no problem making the switch. For consumers, making the process simple by integrating with their email client or authenticator app will reduce friction and keep adoption rates high.
Although passwordless authentication is more secure than conventional password structures, it is not without risks. Malware is possible, and hackers may be able to intercept one-time passwords or access users’ email clients to collect ‘login links’. In some industries like fintech, hackers have replicated voice recordings and biometric features, though this is rare, and the security benefits outweigh the potential risks. Combining passwordless access with multi-factor authentication (MFA) options could make your software even more robust.
Passwordless account access is a more substantial barrier to attackers than a standard username and password. Security Magazine reports that more than half of consumers use the same password across multiple accounts. If just one password is breached or leaked onto the dark web, the chances are that cyberattackers will automatically gain access to several accounts and client data. Websites like have I been pwned suggest more than 11 billion passwords have been leaked online, and this figure likely only scratches the surface.
By eliminating the password entirely, developers can protect against phishing and brute force attacks. Phishing emails and texts won’t work as there are no credentials to be stolen, and brute force attacks won’t work as there aren’t usernames and passwords to be stolen. Creating fake one-time passwords, links, and push notifications is extremely difficult and time-consuming. Bad actors will instead look for easier targets and outdated technology.
Another benefit to passwordless access is improving your app’s user experience. With consumers more fickle than ever before and 28% of apps uninstalled within 30 days, it’s vital that yours is easy to use without friction or frustration. With passwordless authentication, your app’s users don’t need to create unique passwords with specific characters, remember them, or require them when logging in. Instead, they can authenticate using their email or phone with a one-time password or link or biometrics through Face ID and Touch ID.
Offering users a convenient login experience means they’re straight into the app or website, improving the customer experience. This can also reduce shopping cart abandonment rates.
For corporate apps, password management and cybersecurity can be time-consuming and expensive operations. If your IT department regularly has to reset passwords and respond to new legislation in markets like the European Union and the United States, costs can quickly add up. One organisation in the US managed to cut their password reset requests by 95% after switching to passwordless tech, contributing to over half a million dollars in IT savings.
Add on top of that the costs associated with password leaks, forced password resets and data recovery, and you’ll soon see why passwordless authentication makes sense. Granted, implementing the technology can take time in large organisations, but the pros outweigh the drawbacks, and whether you’re switching your corporate app or a consumer-focused app to passwordless technology, short-term challenges can result in serious cost-saving benefits.
If you’re looking for support improving the cybersecurity of your application, reach out to the team at Zudu today on 01382 690 080.
