Going ‘Passwordless’ is not straightforward
Organisations rushing to adopt passwordless authentication are doing so for a variety of reasons: to deliver stronger security, reduce IT support costs, support remote working and to adopt a Zero Trust approach to verify each access request. But it is not a simple process and should not be rushed.
Passwordless authentication simply replaces passwords with a more suitable authentication factor. This means moving from a centralised credential repository (where passwords are saved) to a decentralised model in which no passwords are saved and each individual is responsible for their own passwordless authentication. This therefore eliminates threats posed by passwords.
But unlike Multifactor Authentication (MFA) which secures organisations, users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because there’s no password to remember, and they’re compatible across most devices and systems.
One of the biggest benefits of going passwordless is its simplicity. While most people have already adjusted to using password managers, there are still some passwords (like master passwords) that need you may need to remember.
By going passwordless, you can verify your identity without having to remember anything. You may need to authenticate with a mobile app or scan your face or fingerprint, and that’s it.
However, there are barriers to immediate adoption and a host of elements to consider before implementing a passwordless environment to the enterprise. Central to this is inertia. According to a survey from Cyber Security Insiders some 22% of businesses still need persuading of the benefits of going passwordless. This could be because of the difficulty in adapting an entire IT infrastructure to a passwordless login. According to this research, two-thirds of its sample claimed they did not have the right in-house teams and skills for the seamless adoption of passwordless authentication.
Many applications are just not designed to go passwordless because identity authentication has traditionally been fragmented. It’s a complicated picture, even among the cloud providers that include multifactor authentication and identity management as part of their services. There is no doubt that this is a journey many organisations are now embarking on as they realise that passwords really are the weakest link and are costing billions in terms of data breaches. But it is not an immediate fix – it is going to take time to scope, plan and implement. It certainly cannot be rushed.
You may be interested in
The 2025 State of Ransomware: Key Insights on Attacks, Costs, and Recovery
Ransomware continues to evolve — and so must our defenses. The State of Ransomware 2025 report from Sophos presents one of the most comprehensive views yet into how organisations around the world are being impacted by ransomware attacks. Based on an independent survey of 3,400 IT and cybersecurity leaders across 17 countries, the report explores how attacks are evolving, the operational weaknesses adversaries exploit, and the human and financial tolls that follow. Whether you’re building a cybersecurity strategy or assessing risk, this year’s findings offer crucial, real-world insights to guide your response. Key Findings from…
Outgrowing your MSP; businesses need a provider that scales with their growth
To stay competitive, business leaders must align with MSPs that deliver strategic value, drive innovation, and support to scale. Now firmly into 2025, it’s becoming clear what the year has in store for the IT landscape. For SMBs, the message is clear: business growth must be matched with smarter, more scalable managed services. The demand for cyber-resilient, cloud-first and AI-integrated solutions is no longer a forecast – it’s a reality already shaping business priorities. According to leading global technology market analyst firm Canalys’ MSP Trends 2025 report, the MSP model is transforming under growing pressure…
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
Recent breaches at major UK retailers, combined with the approaching end of life of Windows 10, highlights a critical moment for IT resilience planning The recent wave of cyberattacks targeting major UK retailers has highlighted the growing security risks associated with organisations running outdated systems and applications and maintaining weak identity verification protocols. These incidents—particularly those involving Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy infrastructure and insufficient access controls can be. In both cases, attackers successfully posed as legitimate employees and manipulated IT help desks into resetting internal passwords, ultimately gaining…
UK SMEs must fortify their cybersecurity against geopolitical risks, says Espria
A recent Sky News investigation highlighted an uptick in cyberattacks tied to the Iran conflict that are targeting businesses across multiple sectors. Speaking at the NATO Summit, Prime Minister Sir Keir Starmer urged UK businesses, regardless of size or sector, to prioritise cybersecurity and ‘take immediate steps to review and strengthen their defences.’ While the warning is timely in tone, businesses are already becoming targets of politically motivated cyberattacks, emphasising the need for heightened vigilance. “As tensions spread globally, threat actors will continue to exploit digital vulnerabilities, and neutral businesses may be caught in the…
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
Why Businesses Should Invest in ESG: Lessons learned by Espria
In today’s competitive landscape, Environmental, Social and Governance (ESG) performance is no longer just a “nice to have”—it is a critical business imperative. Companies that prioritise ESG are better positioned for long-term success, risk mitigation, and reputation enhancement. Today’s world demands more from companies than just financial performance. Customers want transparency. Employees want purpose. Investors want resilience. ESG helps businesses manage risk, seize new opportunities and build trust with the people who matter most. It is how you can stay competitive, stay responsible and stay relevant in a fast-changing world. A powerful case study of…