In an exclusive interview with Karthick ChandraSekar, Associate Director at ManageEngine, we discussed how passwordless authentication is revolutionizing cybersecurity in Malaysia. He highlighted how this approach, using biometrics and multi-factor authentication, enhances security by eliminating password vulnerabilities. Karthick emphasized its role in helping businesses strengthen their defenses, comply with regulations, and improve user experience in an increasingly digital landscape.
1. What are the main security issues associated with traditional passwords?
As cyberthreats become more sophisticated, traditional password-based authentication techniques fail to secure sensitive data and guarantee safe system access. Traditional passwords are susceptible to phishing assaults, brute-force attacks, and social engineering. Because users frequently reuse or select weak passwords, attackers often utilize password spraying and credential stuffing to easily gain access to accounts.
Passwordless authentication improves both security and the user experience by enabling users to access systems without needing to input a password or answer security questions. It relies on alternative methods such as biometrics, hardware tokens, or single-use codes sent via email or SMS.
Organisations worldwide continue to emphasise cybersecurity in the quickly changing digital landscape. In Q4 2023, 1,536 incidents were reported to the Cyber999 Incident Response Centre. In contrast, 1,555 events were reported in Q1 2024, representing a 1% rise in incidents over Q4 2023.
According to ManageEngine’s latest global survey on identity security, malicious insiders, ransomware attacks, and social engineering attacks are considered the top three threats to IT resources and identities today.
The survey also indicated that 79% of Malaysian respondents believe they need to adopt more identity security tools to deal with potential identity security threats. Over one in three believe that their organisation has currently only partially implemented the tools essential to protect their privileged identities and resources across all essential functions within their organisation. With the rise of AI-powered cyberattacks by cyber criminals, 60% of respondents strongly believe that AI advancements will help them strengthen their enterprise’s identity security strategy.
2. How does passwordless authentication enhance security compared to traditional password methods?
Passwordless authentication eliminates the need for passwords and lowers the dangers associated with repeated or insecure credentials. Utilising technology like hardware tokens, biometrics, and multi-factor authentication makes it more difficult for hackers to access accounts via conventional techniques. Passwordless authentication delivers three key benefits:
1. Passwordless authentication enhances overall security. The hazards connected with weak or stolen passwords are removed with passwordless authentication. It considerably lowers the possibility of unwanted access by utilising unique identifiers like biometrics or hardware tokens.
2. Users don’t have to reset their passwords frequently or remember complicated passwords, and this improves their overall user experience. The smooth and effective login process that passwordless authentication provides raises user satisfaction levels overall.
3. For IT teams, password management can be an expensive and time-consuming task. By eliminating the need for password resets and assistance, passwordless authentication lowers administrative expenses and frees up resources for other crucial duties. According to the same ManageEngine survey, in Malaysia, 40% claim lack of budget is the primary reason for their IT stack still not being ready for the future.
3. How does passwordless authentication mitigate common cyberthreats such as phishing and credential theft?
Passwordless systems are intrinsically resistant to phishing and credential theft since they do not require a password. It is impossible for hackers to fool people into disclosing a password that does not exist. Furthermore, it is more difficult to fake modern identification techniques like biometric verification. Admins no longer have to worry about workers in their companies using passwords that have already been compromised, which might have resulted in a successful credential-stuffing attack.
Passwordless authentication offers several key benefits for organizations that adopt this practice, enhancing both security and the user experience. It reduces the attack surface and lowers the chances of phishing, brute force, and credential stuffing attacks. It also enhances the user experience by simplifying the login process and offering faster authentication.
4. How does passwordless authentication enhance user experience?
Passwordless authentication simplifies the login process, reducing friction for users and eliminating the burden of remembering and entering passwords each time they want to access protected IT resources. The best examples of passwordless authentication that enhance the user experience are biometric authentication, such as fingerprint scanning or facial recognition, mobile authentication, or OTP authentication. These methods are fast, secure, and convenient, allowing users to log in without remembering or typing passwords. They seamlessly integrate into devices like smartphones and laptops, providing a friction-less experience while maintaining a high level of security.
5. What are the opportunities and challenges organisations might face when adopting passwordless authentication?
Adopting passwordless authentication enables enhanced security and a more seamless user experience. Passwordless authentication is becoming more and more popular in a variety of areas, including retail, healthcare, and finance, as organisations realise its advantages. This will lead to the broad use of these technologies.
It can be difficult to integrate passwordless authentication with older programs and systems. It’s vital to verify that the solutions your organisation uses can be smoothly integrated and are compatible. When using passwordless authentication, biometric data and other personal identifiers present privacy risks. To address these issues, put in place strong data protection procedures and adhere to pertinent privacy rules. While passwordless authentication increases security, it is crucial to strike a balance between security and usability. Select techniques that provide robust security while maintaining an optimal user experience.
