With World Password Day in May encouraging us to vary and strengthen our passwords, at Ubisecure we’re asking, ‘why do passwords even still exist?’ The fact is that there are so many options for secure and convenient access to an application that organisations still forcing passwords on their users have no excuse.
So what are the alternatives to passwords?
Passwords are not your only choice when creating a login experience for your users! And for services that store sensitive user data (i.e. most online services), multiple steps to authenticate your users’ identities will help you stay secure and compliant.
Multi-Factor Authentication (MFA, 2FA)
Multi-factor authentication (MFA, aka 2FA) is a method of verifying a customer’s identity by requiring them to present more than one piece of identifying information or form factor. These could be combinations of, for example…
- Social media identities (Facebook, LinkedIn etc.)
- National IDs
- Bank IDs
- Mobile IDs
- Business accounts
- Biometrics (fingerprints, facial recognition etc.)
- PKI (Public Key Infrastructure)
You’ll notice that these options are all identities which already exist, meaning users won’t need to create another identity to access your service. This removes the need to remember a new username and password. In the digital identity industry, this is referred to as ‘Bring Your Own Identity’.
Regulation dictates that banks, telecoms and other KYC (‘Know Your Customer’)-led organisations must perform strong identity verification when onboarding customers. So by integrating these sign-on options into your application, you benefit from the existing strong identities verifying your users.
A note on social identities
‘Sign in with [insert social media service here]’ deserves a special mention, as it is one of the most commonly known options. Social sign-on provides a great customer experience – which, as we know, is a prerequisite to running a successful business. A significant number of new visitors to your application will already have a social media account, thus winning you points on the convenience front.
Although social identities have the benefit of convenience, they’re not always a sufficient security measure when used as the sole barrier to service access. This is partly because anyone can set up a social media account, without robust verification of their true identity. It’s also because social media giants like Facebook have notoriously suffered data breaches in the last few years, potentially exposing login data and leaving your application vulnerable to hacks. So make sure that you’re using MFA if social media sign-on is one of your identities of choice.
How to remove passwords from your sign in experience
If I’ve convinced you to get rid of passwords for your users, you’re probably wondering how to go about implementing an alternative.
The Ubisecure Identity Platform conveniently, securely and privately connects existing strong (verified) identities from government, banks, and other identity providers (IdPs) to applications and services.
Find out more about connecting identity providers and bring your own identity (BYOI).
About The Author: Francesca Hobson
As Senior Marketing Manager, Francesca aims to provide valuable insights on digital identity through our Let's Talk About Digital Identity podcast, blogs, industry events and content library.