Page 113 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

circumventing onerous technology and security controls than we do in building the habits and behaviors that would reduce overall risk in our organizations.

Compromised credentials and poor access controls, both of which involve usernames and passwords, are the reason some 15 billion identity records circulate across the dark web today. The problem has become so critical that last year’s OWASP top 10 named “Broken Access Control” as the number-one risk. To reverse this trend, and literally save us from ourselves, from our lax behaviors and ineffective controls, we must look to technologies that reduce or eliminate human error by design.

Organizations the world over have woken up to the fact that compromised credentials, at the root of more than 80% of all breaches, are their biggest threat. In other words, awareness of the problem has finally caught up with what the data have demonstrated for years, and we now recognize that addressing a few key access points with passwordless options or biometric solutions doesn’t go far enough to address the root cause.



2022 is the year to go passwordless.

Because passwords are easy to discover and exploit (and because they’re plentiful), if organizations don't embrace the passwordless trend, bad actors will continue logging in with stolen passwords and companies will continue to suffer breaches.

2022 is also the year to stop pretending that existing two-factor (2FA) and multifactor (MFA) authentication tools will deliver anything more than marginal improvements to a poor security posture. The massive levels of user friction and workflow interruption alone are good reasons to stop investing in 2/MFA because they hinder widespread adoption and use of the technology; the fact that such solutions also do nothing to curtail phishing attacks, ransomware, credential stuffing, man-in-the-middle, SIM swaps, push bombing, and other popular attack vectors means organizations cannot depend on them to secure the devices and work products of remote and hybrid workers.

We’re seeing more and more business leaders starting to prioritize budgets and fast-track proof-of-concept (POC) engagements to find passwordless solutions that will work across the enterprise at every access point. Successful deployments will reduce IT complexity, streamline use-case support, and offer a seamless user experience, one that enables people to log in easily and securely from anywhere in the world without using vulnerable passwords.

Advanced passwordless solutions are embedded in continuous authentication models that remove the zero-sum trade-off between better security and a better user experience by allowing users to authenticate into workstations, physical doors, and other sensing assets simply by being close to them; they also deploy AI/ML to approximate distance from sensing objects without requiring pairing or further interactions to work. They use behavior pattern analysis to authenticate intended users and remove access from unintended users. Importantly, they also empower enterprises to consolidate solutions,




