Over 85% of cyber attacks are caused by stolen credentials, phishing, social engineering, and keyloggers – all target passwords. Even the most complex and lengthy password is not immune to this wide range of attacks. Workforce commonly reuse passwords across personal accounts and enterprise resources, which translates into higher security risks. This means that, due to an increasing number of compromised properties (e.g. Dropbox, LinkedIn, Yahoo, etc.), hackers already have a way into your company’s data through already compromised passwords.
Customers and workforce are suffering from password friction and fatigue as a result of a growing number of passwords and increasing requirements for password complexity. Given that most consumers have over 150 unique logins across large and small online properties, password managers become too complex and have meager penetration; therefore, most individuals rely on “forgot password”, abandon engagement, or resort to unsafe online practices. Web and mobile application customers and workforce users are anxiously waiting for an innovative solution that eliminates the effort and frustration, while preserving or increasing security.
Conventional second factor authentication solutions add an extra layer of security to passwords but at the cost of more complexity and friction. Users disfavor the inconvenience of this added layer since it means entering long SMS-based codes (e.g. One-time passwords or OTPs), thereby becoming ineffective and insecure. Moreover, second factors still suffer from major security weaknesses proven vulnerable to mobile banking malware (e.g. Spy.Agent, Acecard, and GM Bot) and complex attacks that compromise OTPs. Don’t settle for outdated conventional second-factor authentication solutions.
NoPassword solution is uniquely secure against cyber attacks that existing identity management and other multi-factor authentication solutions – based on conventional credentials – are vulnerable to. With NoPassword, attackers can no longer perform remote logins or phishing. Because authentication requires the attacker to physically possess the intended target’s mobile device, it is reasonable to say that compromising millions of users’ credentials is impossible. The NoPassword mobile application takes advantage of comprehensive data protection methods (e.g. complex encryption) that prevent intercepting and tampering with the attained information.
Personally Identifiable Information (PII), such as biometrics or passwords, is NOT centrally concentrated or stored on the NoPassword servers. Instead, each user securely retains their PII on their mobile device, which means users are in full control of their private information. Neither the NoPassword team nor the enterprise system admins have access to users’ credentials and other PII.
NoPassword is designed for today’s mobile and workstation environment. NoPassword substitutes users’ passwords and conventional 2 factors by leveraging human (biometrics) and hidden (frictionless) multi-factor authentication. NoPassword not only delivers a higher level of security, but also enhances user experience. Our case study of enterprise workforce and customers using NoPassword solution demonstrates that NoPassword significantly decreases time and friction of authentication compared to using passwords along with 2 factors. Organizations whose employees resisted implementing 2 factors are now reporting that their employees are asking for NoPassword deployment for all of their resources. Enterprises that offer NoPassword to their customers realize dramatic drops in the number of password reset requests and see more users using their solutions more often.
NoPassword multi-tier and fault-tolerant architecture provides for 99.99% of uptime with low Recovery Point Objective (RPO) and low Recovery Time Object (RTO), irrespective of hosting options (on-prem or SaaS). The NoPassword solution is designed for the cloud and is based on trusted commercial infrastructure, including leveraging elasticity to meet large and even gatecrash spikes in login activity. NoPassword on-prem deployments can be run from one or two data centers in either active-active or active-passive deployment architectures.