Right. These are the right slides.
Well, thank you. I see that you guys are interested in, in the world of passwordless. So my name is Alejandro Leal. I'm a research analyst at KuppingerCole, and the topic of today is finding the right passwordless authentication solution. I've been covering this topic for the past few years, and the first time we had a leadership compass report on this topic was two years ago. And this year we had such a high number of participants. We had over 50 participants in the report that we decided to split it into two, one focus on consumer use cases, which was published two weeks ago.
You can take a look at the report of the results in our website. And the second report focus on enterprise use cases will be published in later this summer. So today will be more of a general discussion on passwordless.
We're gonna briefly talk about the difference between the two, between enterprise and consumer, and then talk about some of the market trends that I see evolving and then we'll discuss some of the challenges and implementations. First motivational quote, he didn't actually say that, but I think this really demonstrates what the world of password is, is about.
I think that many people in the, in the, in the industry have been talking about passwords being dead for years, if not decades. But I think that the goal here is to spread the message that people are losing faith in passwords. And that's, I think, what matters.
However, if people in the industry like us, we lose faith in passwords that the, the objective is to spread the message to the public. And that's of course the, the challenge that we're facing. The other day, I was having lunch with my wife.
I live in Poland, so I was just minding my own business and I kept hearing the table next to me. There were some students from high school or university. I kept hearing the word password. Password. Of course the conversation was in Polish, so I just asked my wife to translate what, what they're talking about.
And, and then she told me, they're saying that the safest password is to have your password in English, because in Poland, nobody's gonna guess it. And I, I wanted to jump in and, and try to say something, but my, my wife stopped me from doing that. But it just shows you that even young people still struggle to see how bad passwords are, and we need to do a good job. It's not only when you deal with old people, but it's also people that are our age out there.
So we have conduct some polls during our webinars, our research, and apparently the primary driver and interesting passwordless has to do with improved user experience.
But I think that we, we need to be careful here because every person has a different understanding of what enhanced user experience is all about. One of the conversations I've had during these past few days with some of the vendors is revolving around the topic of account recovery.
And if vendors still offer the option of username and password to their clients, even if their clients want that option, because I don't know, they, they like it or they're used to it. They, they know it. We need to educate them. And ideally, let's say that we shouldn't even offer that option. And in my research, in my report, I'd say that most vendors still provide that option. So I think that we need to do a better job at coming with alternatives.
So wigo, passwordless, I'm sure you all know, right, it's gonna be more convenient and more secure, but I think the, the point here is to not just increase convenience while security goes down, but have both of them go up. I think that's the best approach is a win-win approach. And the question is, should you embark on a passwordless journey? It has to do with different people. It has to do with the workforce, with consumers, with partners.
And that's precisely the reason why this year we decided to focus our reports, our research in two different use cases for workforce and for you, for consumers.
So are there any differences?
Well, I think there are differences in expectations. For example, employees might, may tolerate more friction than consumers. That's because of internal identity and access management policies.
Of course, consumers, they just want to, to get whatever they want to get as, as fast as possible. They don't have much patience. So in the world of enterprise, there's more focus on security, on compliance, on multiple access levels. Whereas in the consumer space, it's all about the user experience. It's all about having a smooth and intuitive interaction to have it simple.
But again, we shouldn't focus too much on the user experience because even if the people want a better user experience, we also need to have security in mind, especially if people out there don't know much about the, the threats that organizations face. Of course, people here in the industry, we know all about it.
So I think we have to, to be careful and, and spread the message in the, in the correct way. So what are some of the trends?
Of course, I see some market growth, particularly in North America and in Europe. There are many small vendors that have come up in the past two to three years. They have innovative approaches, they have different ways of, of implementing passwordless. And I think that's really good for the market is is very dynamic. It's filled with opportunities also for small vendors. Even if they just find their own niche area, their own geographical place, there's potential for growth. And as we see, there's regulatory influence.
The US has published some recent documents on MFA on cybersecurity and also in 2022 in October, they published a study on Zero Trust, how to reach there. And they provide a roadmap, a framework for organizations to get to that point. And of course, authentication is essential, identity is essential there. And then we see also the adoption of pass keys by Microsoft, Google, apple. And I think that's a, a very interesting way that people can understand the benefits of, of PAs keys and, and start moving away from the idea of passwords and usernames.
And yeah, the future is gonna be looking like people wanting better experiences, people prioritizing security. We'll see new entrants, we'll see more regulations and of course more innovation because I think this is a field that has a lot of potential for growth.
We also conduct in our research on market sizing and we predict that the compound annual growth rate will go up to 31% by by next year and it will reach 6.6 billion USD. We probably have to do an update very soon on that. And you can find more information on our market sizing and our website.
And we have one on Passwordless authentication where we talk more about the the topic. So what are the challenges? Of course user adoption is one, but cost barriers is another. Many people, when I talk to the vendors, they tell me that sometimes they struggle to deliver the message to their clients because sometimes they may be talking to very technical people that understand what they're trying to bring to the table, but maybe these people don't have a good way to talk to the board, to the people making the decisions in the company.
So I think vendors should work on creating a nice storyline on talking about how adopting their solution will bring tangible benefits, not only security and convenience and all these things, but also in terms of money, how is that gonna benefit the organization? Interability issues, as we see with wearables with the wallet, we need to make sure that there's systems working altogether and vendor adaptation, as I mentioned in my previous slide, when it comes to account recovery, we should try to educate the users in that sense.
And I'm afraid that even though niches said that the password is there, I think that the password is still gonna be there for, for use to come. I still use username and passwords for many applications and I'm sure most of you also do that. So it's gonna take time and maybe we're gonna move to a point where passwordless will become more popular, more prevalent, but there's always gonna be a password looming in the shadows.
So how to find the right passwordless solution there.
Of course, different criteria, and it really depends where we're looking at. Many of these vendors focus on different industries. Some may target the financial sector, they may target the iGaming industry or the entertainment industry. So it really depends what your organization is looking for. It depends what you are trying to prioritize. And these are some of the key considerations.
And of course, I come from Latin America and it's, I think in a region that maybe it's not embracing this passwordless world, but I think that slowly we see in Asia, we see in Latin America, we seen another region of the world, we see some growth. So the market is, let's say, not consolidating in Europe and North America, but it's also growing in other parts. So I think the vendors need to also understand those regions, what they're lacking, what they need, and how we can make future for the world, not only for certain places.
So right, how to move forward just like when it comes to zero trust, it's not right a, a product. If you get a password solution, it won't solve all of your issues. But it's I think a very important com component of zero trust. And as we know, zero trust is is a strategy, it's a journey, it's a shift in the way we think, in the way we operate our processes, our operations. And also it's about changing the, the culture within the organization. So you need to first understand what you need, what your organization is lacking, and you need to evaluate all of these vendors.
There are many, as you can see in our reports and we see more coming up. So I think it really depends what you need and what you would really like to see implemented in your organization. So we have KC Open Select, it's one of our, our products and we have a version on, on Passwordless where we can help you find the right solution for you. And
Here's some of our related research.
So we have these passwordless authentication report that we published two years ago, but that one, the problem with that report was that maybe it didn't look at the difference between the enterprise and the consumer space. And that's what we tried to fix this year, to have one report focusing on each. I think that would be more accurate, more fair to the vendors. We have also white papers, we have webinars and also an advisory note on maturity level for I am. So we provide a roadmap on what your organization needs in order to, to reach a modern I am in place and how to get to zero trust.
And we also have some blog posts on trends and predictions. So make sure to stay tuned. And I'm afraid, Paul, that I finish quite early. I wasn't really prepared for a longer, longer session, but I'm happy to to respond to any questions. And maybe we can prolong this session by, by your,
Maybe you could just read out the final slide that says thank you. Thanks.
Yeah, there you go.
Great job. Thanks. If there are any questions though, we've got loads of time about right there.
Okay,
Thank you. Yeah, you were speaking of a shift and, and how we think what information is required for a standard end user to understand what password is, is to yeah, be able to work with it.
Yeah. Well I think it's important to really emphasize the benefits of passwordless because one of the problems when it comes to user adoption is that people don't really, it sounds fancy, it sounds nice, but they don't really understand, let's say, the technology behind.
And I'm not saying that we need to give them a really depth in detail presentation on what password release is and how it works, but I think we need to really talk about concrete things, about how it benefits the organization, how it's really gonna bring something of value to you. So I think vendors have the, the responsibility to do that, but also as analyst to create maybe some sort of storyline, some more, more simpler message that can be understood not only by organizations looking for that, but also by, by the wider public. I don't know if, if Paul, you have any anything to say?
No, no. You go,
I want further question if it is. Okay. So concerning Passwordless and how it's used like with video keys and stuff, is there anything compared to an like an MFA rollout where users are like quite scared of it since they're using their own device, which they have to install an MFA app or something? Is there anything con compared to that in Passwordless where a user could think of, oh no, that's something I'm scared of to install or something?
Well, I think maybe something that, let's say, scares people would be the, the fact that they, they, they might perceive it as too complex. They might not understand how to start if MFA would be the right way of doing it first or through Fido. So I think people might have different understanding of how passwords can be implemented. And I think that the goal is to not have it more complex than it already is because many of these organizations still rely on, on legacy systems, on disperse different systems. So you don't wanna add more complexity to that.
Thanks.
We've got one more question here.
Alright.
Yeah. In your research, have you considered any other method of passwordless authentication beyond Fido and PASIs?
Well, I, I think FI and PASIs are the most widely discussed options and I really like what Fido does, but in my rich research, I think, I think most vendors support Fido. They like that approach.
Of course, some may prefer to do something more, more like with biometrics. Perhaps they, they might think that it's, it's more, more, more easy, more convenient. But I think digital certificates is also another option that, that companies are exploring not only for authentication, but also for account recovery.
But I, I really like what Fido does and I think that they're heading to the right approach and they're trying to spread this into the, into the masses if you like.
Okay. Thanks Ro. Thanks a lot. And big round of applause please. Alejandro for.
