Delinea has published a new report that examines the future of passwords to reveal insights about the evolution of authentication and access in the workplace. The report, titled, “The Future of Workplace Passwords: Not Dead, but Evolving,” found that the majority (68%) of 300 US IT decision makers say that passwords aren’t dead, with over half of that group (53%) stating they believe passwords are simply evolving into something new.
The survey, conducted by Censuswide on behalf of Delinea, specifically aimed to understand the future of passwords in the workplace in light of recent traction by other authentication options in consumer technology such as smartphones, personal email accounts, and mobile apps. The polling found that solutions users are already familiar with using in their personal lives are also the most likely to replace passwords in the workplace, such as biometrics (58%), other multi-factor authentication (MFA) technologies (46%), one-time passwords (37%), and Passkeys (35%).
“The term ‘passwordless’ often elicits a strong response, either by those claiming passwords will never die or those claiming they will inevitably go away. Our latest research shows that it doesn’t have to be one or the other, and that a range of authentication options are encouraging a future where passwords still exist but are in the background,” said Chris Smith, Chief Marketing Officer at Delinea. “The passwordless evolution won’t happen overnight though, and organizations need to ensure that they are taking necessary steps to avoid introducing new risk into the workplace by trying to move beyond passwords too quickly.”
The survey revealed that most organizations are still years away from a passwordless reality. While 30% stated their organization has already started this transition, 36% claimed they are still 1-2 years away while 21% admitted they are 3-4 years away. Standing in their way are several obstacles including legacy platforms and apps that require passwords and MFA (43%), the need for consistent authentication methods everywhere (37%), and employees who don’t understand or trust passwordless processes (28%). Furthermore, 95% of respondents stated that their companies must meet at least one set of compliance requirements, requiring organizations to demonstrate access controls which can become more complicated by adapting to new authentication methods.
Despite these impediments, it’s clear that the user experience must evolve with 35% expecting access to workplace systems to require MFA challenges at login, even as 19% expect a future where no username or password is required. Almost 60% of respondents also indicated that their organizations are using a Privileged Access Management (PAM) solution to manage workplace passwords. PAM solutions can help organizations move passwords into the background, as they continue using legacy technology, moving to the cloud, or beginning to leverage passwordless solutions. Combined with biometrics and other authentication technologies, PAM can both enforce a least privilege approach and federate access to resources without productivity-reducing requirements for passwords.
Finally, the report shines light on perspectives about Artificial Intelligence (AI) and its role in cybersecurity. While 83% said that they see AI as a defender, half of those respondents also admitted that it could also be a threat.
“Workplace password management practices are evolving, even though organizations haven’t yet radically moved away from traditional passwords,” Smith continued. “As biometrics become more accurate, legacy technology gets replaced, and Artificial Intelligence creates a stronger safety net, enterprises will likely become more comfortable with a passwordless future.”