Why Passwordless Authentication is Essential for VPNs

Shimrit Tzur-David | June 13, 2018

As the modern workforce becomes increasingly mobile, businesses are allocating more and more resources to securing remote connections.

For years, Virtual Private Networks, or VPNs, have been the standard-bearer for remote access. VPNs allow users to transfer sensitive data across a public network as if their devices were directly connected to a private one.

The New Paradigm

Unfortunately, the solution offered by VPNs is far from flawless. VPNs, as well as most remote access solutions on the market today, fall short in some very significant ways. From a user experience (UX) perspective, many platforms end up being overly demanding on workers, requiring them to execute additional logins or answer challenge questions to access important data or sensitive accounts. On the security end, VPNs and other remote access tools often give a false sense of safety by leaving potential doors open for cybercriminals. This is especially true when dealing with digital platforms with a higher likelihood of compromise, such as tablets and smartphones.


The first consideration for any company implementing remote access protocols is the cost of any given system.

With most authentication schemes, costs can run pretty high. Some, such as hardware tokens, require the acquisition of additional hardware for each user. Even where users’ personal devices are enough, systems often demand high maintenance expenditures. Password-based systems mean employing security solutions to protect password databases stored either on-premises or in the cloud, one of the reasons why IT helpdesks often turn into huge financial burdens. According to industry leaders, the price of just one password reset can run as high as $70. Considering that 20 to 30 percent of all helpdesk calls are password-related, these costs can quickly add up.

User Experience

The multiple authentication steps of most solutions are a major hurdle for users. While additional steps bolster security strength, they also hurt user experience. Systems such as adaptive authentication add an additional layer of security by requiring additional challenges from the user for more sensitive operations and data access. Users should not need to pass additional challenges to access the full range of a network. The right authentication solution will not elevate trust with additional factors or credentials but will start with a high assurance of trust. This alleviates the need to work within the UX-security schism.

Man-In-The-Middle Proof

The dreaded Man-In-The-Middle (MITM) attack has always been the scourge of remote access. By capitalizing on weak security protocols, hackers are able to insert themselves into a conversation between client and server, intercepting all the communications between them. Even utilizing a VPN can still leave a user susceptible to MITM attacks. Once data leaves the VPN gateway on its way to its destination, it becomes vulnerable to interception between the computer you are logging in from and the VPN server.

Furthermore, in the increasingly diverse digital work environment, made up largely of devices not owned or controlled by companies, most methods for remote access security are not going to cut it. As researchers at Gartner have recently pointed out, the inability to apply a solution that fits all employees not only creates security/compliance issues but also pulls down productivity by overcomplicating authentication.

Password-free multi-factor authentication (MFA) platforms can address all the challenges posed by the need for remote access. On the security end, MFA guards remote access protocols from being hacked, either by MITM attacks or by compromised authentication credentials. MFA also provides a scalable solution that can be implemented using a broad range of both personal and company-owned devices. This ensures a smooth and easy user experience that streamlines workflow without compromising on network security.

Reduction in TCO and Downtime

Another major benefit of implementing a passwordless MFA solution is the reduction in total cost of ownership (TCO). Remote access means authentication from multiple locations, some of which might be in different time zones. Because of that, password reset requests might create downtime and hurt the productivity of remote workers, an issue that can be solved by removing the password altogether.

MFA solutions that utilize bring your own device (BYOD) policies can eliminate almost all authentication-related costs of IT departments. Solutions that are combined with a self-service enroller that gives remote employees autonomy can prevent employee downtime even in case of loss, a scenario that is impossible to rectify using hard tokens.