Passwords are a hassle for both internal and external users, and there are now better login methods available. Daniel Hjort, Director Smart ID Management at identity and security company Nexus Group, gives you 9 reasons why your users will love your organization for saying goodbye to login with username and a static password.
1. Passwords are not secure.
“Users of course do not want unauthorized people to access their accounts and information. If their password is compromised, they will most likely put at least some of the blame on your organization. And they are right to do so: login with username and a static password is not secure, and it is irresponsible of your organization to force your users to keep using passwords,” says Hjort.
2. Passwords have to be remembered.
“And one cannot reliably remember loads of passwords, so users have to find ways around it, for example, using sticky notes, using the same password everywhere or using password management tools. These aids are neither secure nor user friendly,” says Hjort.
3. Passwords are forgotten or lost.
“This means that the users have to go through an often time consuming process to get a new password. It can be as easy as requesting an automated email with a link to reset the password for a web service – or it can be as complicated as having to contact the IT helpdesk to have them give you a new password for your computer,” says Hjort.
Do you want to learn more about saving time? Download E-book: The state of IT security 2018
4. Passwords should be long and complicated.
“With the ambition to make the use of static passwords more secure, organizations often oblige the users to make the passwords really long and complicated. But the users do not appreciate this, neither when their attempts at creating a new password are rejected again and again, nor when they have to type in long strings with letters in different cases, numbers and symbols. Especially not when they are trying to do it on a mobile keyboard,” says Hjort.
5. Users are often forced to change their passwords regularly.
“The thinking is that this makes the use of static passwords more secure, but the users are not thankful – they are irritated. And I understand them: I also get annoyed with those pop-up things telling me that my password is about to expire in a few days. Forcing users to change passwords frequently might also lead to users opting for weak passwords,” says Hjort.
6. More user-friendly authentication methods are now available.
“Earlier, saying goodbye to login with username and a static password often meant saying hallo to an even more user-unfriendly authentication method. That is no longer the case. For example, two-factor authentication (2FA) using your mobile phone is super smooth: Instead of entering your password to login to an online service on your computer, you get a pop-up notification in your mobile phone, prompting you to press the fingerprint reader. When you do, you are instantly logged in to the online service on your computer. And with single-sign on activated, this also means that you simultaneously are logged in to a number of other online services,” says Hjort.
7. You can offer your external users more online services.
“Switching to more secure authentication methods enables your organization to digitize its business, since it enables you to know your customer/client (KYC) online. If your organization says goodbye to passwords, you can, for example, offer your users online banking or the ability to interact with your government agency via the internet. Users love to do their errands, transactions and business online at any time and from any device, instead of having to call you, go to your office in person, or sign documents you send them,” says Hjort.
8. You can offer your employees more efficient tools.
“After implementing more secure authentication methods, you can confidently let employees use cloud services, such as Office 365, Salesforce and JIRA. Being able to securely use cloud services makes a very wide range of efficient and cost-effective tools available. Your internal users will also love you for making Windows login smoother by replacing username and a static password with 2FA,” says Hjort.
9. Your employees can work from a distance.
“Saying goodbye to passwords means that you no longer rely on physical access protection for securing your digital information, which means that you can let your employees access sensitive information from wherever they are,” says Hjort.