Is Passwordless Authentication Enough? 

Access & Authentication    | March 20, 2025

Echoworx adds two-step verification to tackle growing cybersecurity risks.

As cybercrime continues to evolve, so too must the tools we use to protect ourselves. The stakes are especially high for industries like finance, healthcare, and government, where sensitive information often becomes the primary target for hackers. Recognizing the growing risks, encryption provider Echoworx has introduced two-step verification (2SV) for its passwordless login systems, aiming to strike a delicate balance between security and usability.

The move highlights a growing reality in cybersecurity: passwordless authentication, once heralded as the future, isn’t entirely foolproof. “Passwords are not just inconvenient for users—they’re a major liability,” said Julie Smith, executive director of the Identity Defined Security Alliance, in a recent interview with Forbes. Smith notes that passwords remain one of the weakest security links in enterprises, accounting for around 80% of data breaches. While organizations are increasingly turning to passwordless systems, this shift has brought new vulnerabilities that require careful attention.

Passwordless Authentication: A Double-Edged Sword

Passwordless authentication aims to eliminate the frustrations of traditional passwords, offering users a streamlined experience through alternatives like biometrics, passkeys, and OAuth protocols. Gartner estimates that by 2025, more than 50% of the workforce will use passwordless systems daily. Yet, while these methods simplify workflows and improve user experience, they don’t entirely eliminate risks.

That’s where Echoworx’s 2SV comes in. By layering additional verification steps on top of protocols like OAuth and passkeys, the company hopes to address a critical gap in passwordless systems. “With passwordless authentication going mainstream, accessible yet robust measures like 2SV are critical to staying ahead of evolving threats,” said Steve Davis, Echoworx’s Director of Products, in the company’s announcement. The goal, Davis explained, is to offer a solution that marries rigorous security with a frictionless user experience—a challenge many organizations have struggled to overcome.

The Push for Stronger Protection

For industries dealing with strict compliance requirements, the pressure to adopt secure systems is immense. In Canada, the healthcare sector has faced a sharp rise in ransomware attacks, with CBC reporting a 250% increase in incidents in 2022 alone. Similarly, a report by IBM found that the average cost of a data breach in the financial sector reached $5.97 million in 2023. These figures underscore the urgency for solutions that protect sensitive data without disrupting workflows.

Echoworx’s decision to enhance its passwordless approach comes at a time when many businesses are grappling with the trade-off between security and usability. Multi-factor authentication (MFA), for instance, is often criticized for adding layers of complexity that frustrate users. “Organizations face a tough choice: comply with security regulations or keep things simple for users,” said cybersecurity analyst Joseph Carson, quoted in a recent TechRepublic article. Carson emphasized that innovation is needed to reconcile these competing priorities, and Echoworx’s 2SV could represent a step in the right direction.

A Competitive Edge in Cybersecurity

For Echoworx, the 2SV upgrade isn’t just about preventing data breaches—it’s also about staying competitive in a fast-moving marketplace. “Security is no longer just a technical requirement; it’s a differentiator,” said Davis. Businesses that fail to invest in robust cybersecurity risk losing more than sensitive data—they risk losing customer trust and falling behind industry leaders.

By integrating two-step verification into its passwordless systems, Echoworx aims to offer a solution that’s as functional as it is secure. For organizations operating in high-stakes environments, this kind of innovation is essential. And as digital threats continue to grow, one thing is clear: there’s no room for “good enough” in cybersecurity.

READ MORE: Access & Authentication