Enthusiasm for passwordless authentication grows, but adoption lags

Healthcare organizations still rely heavily on traditional passwords, despite growing enthusiasm for passwordless authentication, according to a new report by Imprivata. More than 60% of surveyed health IT leaders said they consider passwordless authentication very important, and 22% consider it mission-critical to the future of healthcare cybersecurity. 

Passwordless authentication comes in many forms, from biometrics to passkeys and one-time passcodes. These methods offer a convenient, efficient and secure alternative to traditional passwords. Potential benefits of passwordless authentication include stronger phishing resistance, faster logins, less friction and fewer help desk tickets. 

Respondents whose organizations relied heavily on traditional passwords reported instances of risky password workarounds, delays in patient care, increased risk of breaches and wasted clinical time as a result. High password reset volume, workflow disruption and compliance and audit pressure were all reported risks associated with traditional authentication methods. 

Despite the benefits of passwordless authentication, only 7% of organizations have fully implemented it across their workforces, the report found. Respondents consisted of 206 IT directors, chief information security officers, security architects and other senior leaders. 

About 60% of respondents said their organizations still use passwords extensively for user authentication, and 27% reported using adaptive or risk-based authentication extensively. 

"The data indicates that the market is in a transition phase," the report stated. 

More than half of organizations use fingerprint biometrics, and 45% use facial recognition. Additionally, 54% of leaders said their organizations use at least three authentication vendors.  

Although there is a clear interest in alternative authentication methods, "most have not yet unified these capabilities into a cohesive strategy for minimizing password use," the report noted. 

"Instead, many healthcare organizations find themselves with hybrid, fragmented environments where passwords remain deeply embedded in workflows and legacy applications, even as new authenticators are added around the periphery." 

According to the survey respondents, barriers to adopting passwordless technologies include integration or technical challenges (57%), clinical acceptance or training concerns (52%) and regulatory requirements (51%).  

"The combination of these factors helps explain why organizations often need to begin their passwordless journeys by gradually adding new authentication methods on top of passwords rather than pursuing aggressive password minimization or fully passwordless workflows," the report noted. 

Although barriers remain, respondents were optimistic about making progress toward passwordless access in the near future, with many leaders highlighting the potential of biometric authentication in particular. 

Nearly a quarter of respondents said that they expect to fully adopt passwordless authentication for all clinical and other staff within the next two years. Although healthcare is in the early stages of adopting passwordless authentication, the data shows that the industry sees the potential in enhancing its authentication methods and eliminating passwords. 

Jill Hughes has covered healthcare cybersecurity and privacy news since 2021.