Home » Topics » Cybersecurity » Are you ready to phase out passwords?

Are you ready to phase out passwords?

Avatar photoby Nick Ismail

Single-factor, password-based authentication – and even many traditional two-factor approaches – are no longer enough to secure today’s increasingly digital world.

These techniques, including username, passwords and security question credentials do not sufficiently protect organisations and the critical data they hold, as seen in the spate of recent breaches such as Yahoo!

According to the 2016 Verizon Data Breach Investigations Report, 63% of the attacks it studied leveraged weak, default or stolen credentials at some point in the attack.

This indicates that, in order to combat the rising tide of credential abuse, organisations must implement stronger forms of authentication.

Despite this, users and organisations are still slow in adopting stronger security measures.

>See also: 3 tips to help make and manage complex passwords

Some organisations have a tough time finding ways to increase security without creating a lot of resistance from either employees or customers.

Especially as most employees don’t always think about security as their priority, while customers just want to access their accounts as quickly as possible.

Most employees hate additional authentication steps or hoops to jump through.

Nobody likes:

  • Having to adhere to a strong password policy – logging in, logging in again, waiting for access, changing passwords every 90 days, complex passwords that are difficult to remember.
  • Using antiquated two-factor authentication with cumbersome hardware tokens: adding a PIN code at every log-in, carrying around a hardware token, not to mention the expense to the organisation of replacing tokens and the support/maintenance drain on IT staff.
  • Waiting on hold with Help Desk instead of immediately being able to help ourselves with tools like self-service password reset and account unlocking.

>See also: Why are Google killing the password?

Individuals can make it easier on themselves by adapting and selecting access capabilities to fit their needs, removing barriers to adoption.

In October, SecureAuth conducted a survey on IT decision makers in the US and found that 69% of respondents say their organisation is likely to do away with passwords within the next five years.

This is good news. A growing movement of individuals and businesses opting for an authentication overhaul means there is a real understanding of the limitations of existing protocols and a concerted drive to limit the potential for future network breaches.

It’s in everyone’s best interest to make it more difficult for attackers to cause further damage to our economy.

Yet, these advocates often face multiple challenges from their company’s executives.

Top reasons hindering authentication strategy improvements cited by respondents to SecureAuth’s survey include:

1. Disruption to users’ daily routine.
2. Lack of resources to support maintenance.
3. Steep employee learning curve.
4. Fear the improvements wouldn’t work.

However, multi-factor authentication need not be disruptive, a simple user experience can be maintained.

User-friendly adaptive access technologies such as device recognition, threat services (leveraging information from a network of 11 million advanced threat sensors to determine blacklisted IP addresses), and geo-location look-up.

>See also: Think before you speak: voice recognition replacing the password

When used in layers, such techniques can strengthen any organisation’s security posture.

This enables users to stay both secure and productive with minimal disruption to their daily routines.

It’s time for companies to adapt and move away from the simple password.

To future-proof, organisations must look to invest in such adaptive authentication that contextualises the above elements for accurate user identification.

Importantly these techniques all happen behind the scenes, increasing security at the same time as not getting in the way of the end user experience.

Eliminating passwords removes any reliance on them and means that compromised credentials are no longer a risk.

Strong security during authentication no longer has to be at the expense of the end user, workers and organisations can now have both. It doesn’t have to be a compromise.

 

Sourced by James Thompson, director EMEA, SecureAuth

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Two-Factor Authentication

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise