Recent years have seen an array of high-profile cyberattacks, including many that started with stolen credentials. Uber, Ticketmaster, PayPal, Okta, and Marriott are among the many targeted in the 2020s by hackers using phishing attacks, social engineering, and other exploits to get their hands on usernames, passwords, and secured data.Translated
And while credentials-related breaches are nothing new—Verizon has been tracking them since 2008 in its annual Data Breach Investigations Report, which found that passwords were one of the leading causes of all data breaches every year for more than a decade—the problem is getting worse. One recent report indicated 90% of organizations in a national survey had experienced an identity-related incident. Those incidents are motivating change: the 2025 RSA ID IQ Report, a global survey of more than 2,000 identity and cybersecurity experts, found that 61% of organizations had plans to implement passwordless authentication in the next year.Translated
TranslatedGiven how pervasive credentials-based attacks have become, the question is how this trend can be reversed. And the obvious answer is to stop relying on the old, familiar username/password combination to verify identities. As long as organizations depend primarily on passwords for authentication, the number of credentials-based attacks will continue to rise. Passwords are simply too pervasive and too easy a target for threat actors to ignore.
TranslatedAt RSA, we believe firmly that fewer passwords mean better security. We’ve been making the argument for passwordless authentication for years, and we’ve worked with the FIDO Alliance to promote it since 2014, serving as a board member and also incorporating FIDO protocols into our own identity and access management products and solutions.
TranslatedPasswordless authentication has benefits that go beyond just security. We see passwordless as a way to create a better overall experience for both users and administrators. First, removing passwords reduces a significant security vulnerability—one that attackers have been exploiting for years. Without passwords to steal, phishing and credential-stuffing attacks are less effective, making it harder for unauthorized users to gain access.
TranslatedPasswordless authentication also simplifies access and frees users from the burden of remembering and resetting complex passwords. This means fewer interruptions in workflows, helping employees stay focused, and less need for IT support.
TranslatedPasswordless authentication brings security and usability together, supporting a more secure workplace.
While we’re in favor of phasing out passwords, we also recognize that their use is deeply entrenched. Companies have been relying on them for decades, so passwords aren’t going to go away overnight. One of the best ways to support organizations in pursuing passwordless authentication is to make it easier for them to make the transition to passwordless methods. Case in point: our DS100 password key authenticator.Translated
The DS100 is a secure, multi-functional hardware authenticator that demonstrates the RSA commitment to helping organizations on the path to passwordless authentication. It supports both one-time password (OTP) and passwordless FIDO2 authentication in a single device, so organizations can secure users as they transition to passwordless without having to change authenticators. Physically deployed but managed in the cloud, the DS100 is available as part of the ID Plus cloud and hybrid identity platform from RSA.Translated
At RSA, we know that the best security solutions are those that fit into an organization’s existing infrastructure, and the DS100 is no exception. As part of the ID Plus cloud and hybrid identity platform, the DS100 complements other RSA solutions for identity and access management, providing companies with a better approach to security.Translated
It’s an authenticator that integrates with RSA’s other tools to help companies adopt passwordless authentication at their own pace. This alignment within the ecosystem means that the DS100 isn’t a standalone fix—it’s a piece of a broader strategy. This ensures security is consistent and is an adaptable part of the organization’s defense.Translated
The DS100 represents an important asset in reducing the risk of passwords and improving authentication.Translated
The next step in improving authentication is integrating intelligence: the best authentication is the kind that users don’t need to perform at all. By using contextual analysis and AI to dynamically assess risk, security systems can manage authentication without needing the user to provide any factors. Intelligent authentication is faster, smarter, and easier for users because it’s virtually invisible to them.Translated
Interested in learning how passwordless authentication can work for your organization? Contact us for more information and see how simple, secure access can benefit your team today.Translated