The report, co-authored by Alan Goode of Good Intelligence, is called “True Password-less Security” and details how most companies that have adopted biometrics have not eliminated user passwords, and have been left vulnerable to credential stuffing and reuse attacks. HYPR’s white paper is also meant to help enterprises distinguish between password-less systems that facilitate security and those intended for convenience.

According to HYPR, reliance on centralized passwords leaves companies prone to a range of attack types, such as phishing, social engineering credential theft, account takeover, payment fraud, prepaid product cash-out scams, loyalty fraud, and large-scale data breaches.

Password elimination has received significant attention from analysts and vendors, but the report suggests that some early efforts to reduce their use have fallen short. The solutions of the paper speak about the criteria for a password-less architecture, the security risks associated with centralized credential storage, and argue for decentralised authentication as a way to deliver password-less security.