Building passwordless-first enterprise cultures

Published: 2026-04-21 11:06:26 ET MA

Published on 04/21/2026 at 11:06 am EDT

An organisation's culture is how it turns its purpose into action. The set of shared norms, behaviours and values that are in place form the context in which employees judge the appropriateness of their behaviour. That includes how they interact with technology within the workplace.

Unpacking the FIDO Biometric Key: Are we finally one step closer to a passwordless future?

Unpacking the FIDO Biometric Key: Are we finally one step closer to a passwordl...

Passwordless payments: Mastercard and Thales on the future of secure digital payments

Passwordless payments: Mastercard and Thales on the future of secure digital pa...

That behaviour can have a massive impact on the wider security of the organisation, because employees are on the front line of cyber risk. The well-worn advice for secure passwords, such as including numbers and special characters, and hoping users will remember them instead of writing them down anywhere, is notoriously challenging to pull off in practice because it has grown so tiring.

Passwords are one of the oldest security tools in the world of software and the Internet. But they cannot provide enough protections in the modern business environment for several reasons. Social engineering through phishing or account takeover attacks are a significant risk.

The other costs associated with passwords, experienced not just in terms of lost productivity, but additional IT support time, is seeing increasing numbers of organisations doing away with them altogether in favour of passwordless authentication models. With no passwords to phish or compromise, passwordless systems greatly reduce the chances of being exposed to phishing or account takeover attacks. Typically achieved by requesting either something the user knows, has, or is, the most secure form of this authentication uses a combination of all three.

The user experience

From a consumer perspective, digital trust often begins at login. The 2026 Thales Digital Trust Index found 57% of people reported problems accessing a website in the past year, with 68% abandoning or switching providers due to slow performance or complicated sign-up processes. Moving to more seamless authentication methods can bring significant benefit to both employee and customer experiences.

But the transition can't be done overnight, and some organisations might never be able to adopt a completely passwordless approach across their entire IT estate. Instead, a phased approach is advised to allow IT teams to test and learn, and ensure they have adequate resources to support a transition.

123RF

Cultures that embrace change

The culture of an organisation also needs to be positively oriented towards change. Leadership must be clear and set an example with their own actions, putting measures in place to support staff on the most effective practices for implementing passwordless authentication.

The new system must be designed in a way that employees find easy to adopt, with self-service capabilities to give users a choice of authentication methods, self-enrolment, as well as the choice of replacing or deleting authentication methods as they wish to. Getting the balance right between user convenience and security is important to drive adoption, as well as reduce friction once services are up and running.

The Thales approach to passwordless

To help make the switch to passwordless easier, Thales has designed a new platform, Passwordless 360-degree, which aims to tackle the challenges associated with managing multiple complex passwords, as well as authenticating across both legacy and modern web resources and personal and work devices.

Compatible with authentication standards like FIDO (Fast Identity Online), it uses public key cryptography to replace traditional passwords with FIDO keys, reducing the administrative overhead for organisations by allowing users to handle multiple FIDO keys.

The journey to passwordless is a step enterprises can make towards enhancing security, improving user experience and preparing themselves for the future of identity and access management. By combining careful planning, effective change management, and a commitment to balancing security with usability, enterprises can put themselves in prime position to a more secure passwordless future.