Going ‘Passwordless’ is not straightforward

passwordless-sm

Organisations rushing to adopt passwordless authentication are doing so for a variety of reasons: to deliver stronger security, reduce IT support costs, support remote working and to adopt a Zero Trust approach to verify each access request. But it is not a simple process and should not be rushed.

Passwordless authentication simply replaces passwords with a more suitable authentication factor. This means moving from a centralised credential repository (where passwords are saved) to a decentralised model in which no passwords are saved and each individual is responsible for their own passwordless authentication. This therefore eliminates threats posed by passwords.

But unlike Multifactor Authentication (MFA) which secures organisations, users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because there’s no password to remember, and they’re compatible across most devices and systems.

One of the biggest benefits of going passwordless is its simplicity. While most people have already adjusted to using password managers, there are still some passwords (like master passwords) that need you may need to remember.

By going passwordless, you can verify your identity without having to remember anything. You may need to authenticate with a mobile app or scan your face or fingerprint, and that’s it.

Password image

However, there are barriers to immediate adoption and a host of elements to consider before implementing a passwordless environment to the enterprise. Central to this is inertia. According to a survey from Cyber Security Insiders some 22% of businesses still need persuading of the benefits of going passwordless. This could be because of the difficulty in adapting an entire IT infrastructure to a passwordless login. According to this research, two-thirds of its sample claimed they did not have the right in-house teams and skills for the seamless adoption of passwordless authentication.

Many applications are just not designed to go passwordless because identity authentication has traditionally been fragmented. It’s a complicated picture, even among the cloud providers that include multifactor authentication and identity management as part of their services. There is no doubt that this is a journey many organisations are now embarking on as they realise that passwords really are the weakest link and are costing billions in terms of data breaches. But it is not an immediate fix – it is going to take time to scope, plan and implement. It certainly cannot be rushed.

What’s in this article

    You may be interested in

    Split-screen image showing copilots on one side and interconnected AI agent network on the other, representing the evolution of AI in business.

    Beyond Copilots: Why AI Agents Are the Next Competitive Advantage

    AI is no longer a tactical tool, it’s becoming the engine of enterprise transformation. While copilots and other generative AI tools have helped teams work faster, the real breakthrough is happening with AI agents: autonomous systems that don’t just assist but act, learn and orchestrate entire workflows across the business.  The question every executive should be asking is:  “How will we harness AI to create value at scale before our competitors do?”  High-performing organisations aren’t waiting. They’re embedding AI agents into daily operations and seeing measurable impact; accelerated decision-making, leaner processes and stronger financial outcomes.  When markets move at digital speed, standing still means falling behind. Here’s why:  So, the question isn’t “Should we adopt AI?”, it’s “What could…

    Read the article

    Digital shield surrounded by security icons, representing Zero Trust protection for employees and devices.

    Zero Trust Networking

    Protecting Employees Without Friction Your workforce is your greatest asset, and your greatest vulnerability. Attackers know this, which is why phishing and credential theft remain the most common entry points. But here’s the leadership challenge: how do you protect employees without slowing them down? Zero Trust answers that question by making security invisible yet uncompromising. Employees work from anywhere, home, client sites, airports, without clunky VPNs or endless password resets. Behind the scenes, every login is verified, every device assessed, every anomaly flagged. If something looks wrong, a compromised credential, an unusual location, the system reacts…

    Read the article

    Split-screen image showing shadow AI chaos with warning icons on one side and secure AI governance with padlock and compliance symbols on the other.

    Shadow AI: Executive Briefing on Real Risks, Business Impact and Mitigation 

    Shadow AI is here, and it’s growing Shadow AI is the use of artificial intelligence tools and platforms outside the oversight of IT, security, or compliance teams. This is not a hypothetical concern. KPMG’s 2025 global survey found that up to 58% of employees are using AI productivity tools daily, and nearly half admit to uploading sensitive company information to unauthorised platforms. Only 41% of employees say their organisation has a policy guiding the use of generative AI, revealing a significant governance gap.  The Risks Are Real and Substantial  The evidence from leading analysts and recent incidents is clear:…

    Read the article

    Boardroom table overlaid with cybersecurity icons, representing the shift from compliance to strategic cyber resilience.

    Cyber Resilience in 2025: From Tick-Box to Boardroom Imperative

    What the NCSC’s 2025 Review Means for UK Businesses  The National Cyber Security Centre’s (NCSC) 2025 Annual Review is a wake-up call for business leaders across the UK. The days when cyber security was simply an IT concern or a routine compliance task are over. With a record number of nationally significant cyber incidents handled in the past year (more than double the previous year’s figure), it is clear that cyber risks have become a central issue for organisational survival and national prosperity.  The Evolving Threat: Why Businesses Can’t Afford Complacency  No sector has been spared in the latest…

    Read the article

    IT support team providing talking to a customer over a headset, with a bar chart indicating business growth

    Is Your MSP Really Helping You Grow — Or Just Keeping the Lights On?

    There’s a moment in every business where the question quietly surfaces:  “Are we getting what we really need from our IT provider?”  It’s not always easy to answer. On the surface, things seem fine. Tickets are resolved. Reports arrive. There’s someone to call when things go wrong. It’s familiar. It’s comfortable. And that comfort can be deceiving.  Because beneath the surface, many organisations are stuck in a service relationship that feels safe — but is actually stagnant.  And here’s the truth: comfort isn’t the same as progress.  For many, the idea of changing MSPs or challenging the…

    Read the article

    The 2025 State of Ransomware: Key Insights on Attacks, Costs, and Recovery

    Ransomware continues to evolve — and so must our defenses. The State of Ransomware 2025 report from Sophos presents one of the most comprehensive views yet into how organisations around the world are being impacted by ransomware attacks. Based on an independent survey of 3,400 IT and cybersecurity leaders across 17 countries, the report explores how attacks are evolving, the operational weaknesses adversaries exploit, and the human and financial tolls that follow. Whether you’re building a cybersecurity strategy or assessing risk, this year’s findings offer crucial, real-world insights to guide your response. Key Findings from…

    Read the article