Developing a Password[less] Strategy for Your Business

The future is passwordless, and businesses are already making the transition. According to The 2023 Workforce Authentication Report, 92% of businesses have or plan to move to passwordless technology. Ninety-five percent of them are currently using a passwordless experience in some form. That said, passwords aren't in the rear view mirror just yet.  Passwords, as troublesome as they are, will still be a part of our login experience today, tomorrow, and for a while to come. Given this reality, the key to a good password[less] strategy – which involves fewer passwords in general – is to make sure that your employees can embrace the future while keeping an eye on the present.  Can passwords and passwordless authentication live in harmony? We think so. It just means developing a strategy to embrace the hybrid now. These three steps will help you get started.

1. Set your employees up for success

Your employees will need extra support during the transition to passwordless authentication. After all, going passwordless is still going to involve a learning curve, even if it happens gradually. Fortunately, there are a few things you can do now to prepare your employees for passwordless authentication.  First, take a look at your current tech stack and determine where it makes sense to integrate passwordless authentication. Review how all of your users log in, where they are located, and what kinds of devices they use to access their accounts. Consider what their authentication process looks like today and how it might change in a passwordless scenario. If you already take advantage of biometric authentication, for example, then it might be logical to use biometrics when you implement passwordless authentication since users will already be familiar with them. Also investigate how the account recovery process will work, so your employees won't find themselves in a bind if one of their devices is lost or stolen. Another great way to set your employees up for success is by educating them on the basics of passwordless authentication, how it happens, and what it involves. If you plan to use biometrics or hardware keys, explain why these tools are effective and how people use them to securely log into their accounts. Also show your employees what logging into their accounts will look like down the line, when they're using fewer passwords (and, say, using passkeys instead). That way, your employees will be able to visualize what the experience will be like when it comes time to embrace passwordless authentication.

2. Keep enforcing password best practices

It goes without saying that as long as your employees are still using passwords to log in, you'll need to keep enforcing password best practices to keep your critical business data safe. At a minimum, make sure each of your employees uses a strong, unique password for each of their accounts. The perils of employee password re-use are well documented, so you'll also want to prohibit that practice. Otherwise, your business may find itself the victim of costly and damaging data breach. Multi-factor authentication (MFA) is another password best practice worth adopting during the transition to passwordless authentication. As the name suggests, MFA lets you add another factor, or form, of authentication to the login process. That way, you won't be relying solely on passwords to secure employee accounts and the business data they access. You can even choose to implement passwordless technologies such as fingerprint scanning or facial recognition, which are beginning to show up in the consumer devices your employees use in their personal lives.  Also consider how your employees share passwords with one another. This often happens in organizations where there is only one license for an application or service that multiple employees need to use, for example. Although it's not best practice for users to share such passwords via email or other unencrypted messaging channels, they can do it securely with a password manager.

3. Use a password manager

A password manager will give your employees helpful tools for embracing passwordless authentication while still using passwords. They can use a password manager to securely store each of their current passwords in an encrypted vault. Once the passwords have been safely tucked away in the vault, your employees can access them from anywhere using the devices they already rely on to get work done at the office, at home, or on the go.  As you begin rolling out passwordless technologies like passkeys, your employees can use the same password manager to store them in much the same way. And, just as with passwords, they will be able to access those passkeys from the devices they already use. This way, it won't be quite so challenging to navigate the changes involved in going passwordless. A password manager can also help you implement password best practices while the transition to passwordless is happening. Your IT team can use it to set and enforce policies that keep critical business data safe, for starters. You can also leverage a password manager to adopt MFA – a key step on the way to going passwordless. Your employees can also use a password manager to securely share credentials with their colleagues, keeping the work moving while protecting the business. 

Create a password[less] strategy for your business

Our passwordless future is on the way, but it isn't here yet. Passwordless experiences are already becoming more common, but businesses still have to manage the risks involved with using passwords for now. Fortunately, there's a way to achieve harmony between passwords and passwordless. You can do it by developing a password[less] strategy that helps your employees begin using passwordless technologies while still following password best practices. This way, your business will be in a far better position to enjoy all of the benefits that passwordless offers without having to worry nearly as much about the risks that passwords pose. Discover how LastPass' passwordless vault login frees your business from password pains and risks.