World Password Day will be a day for the cyber security and IT community to celebrate the importance of our beloved passwords, but with data security scandals at the forefront of so many minds, it will also be a day for reflection on some very real security issues and innovations.
Passwords have long provided people with assurances that their data is safe and secure. However, as technology has evolved, so too have cyber attackers – all too eager to discover vulnerabilities so as to access sensitive data. Passwords are fast becoming precarious forms of defence, not only for the sort of people that choose passwords like ‘password’ or ‘123456’, but now the most tech-savvy individuals are vulnerable to attack – let’s not forget that even Mark Zuckerberg’s social media accounts were hacked.
CIOs and IT leaders will be asking whether their organisations understand the pros and cons of passwords accurately, and whether they are applying their knowledge and taking the right precautions. However, due to the saturation of debates revolving around passwords, this will be far from straightforward. As journalists and vendors flood their social media feeds and email accounts with conflicting views, IT leaders should at the very least start to think about whether or not the passwords being used within their organisations are fit for purpose.
As the UK National Cyber Security Centre (NCSC) point out in a recently published blog: “When new technologies come onto the market there can be some scepticism about how well they meet user needs, there can be concerns about meeting compliance requirements that haven’t yet accounted for the changes, and sometimes these new technologies come with increased costs.”
Given the severity of poor password management, IT leaders looking ahead must examine their people, process, and technology:
Password management in an enterprise is difficult and complex, primarily because it requires skilful coordination between the IT department and employees across the whole organisation. Investment in education and training for compliance reasons is pretty commonplace. However, programmes of this sort often overlook enabling people with self-service for password reset and self-registration of MFA. In addition, while many employees use social media for business, many of them are left in the dark with regard to understanding a safe way to manage passwords for all those personal apps.
Enterprises need to consolidate passwords; a common way to do this is to pair passwords under a single set of corporate credentials. Jonathan Bennun, Product Strategy at OneLogin, also suggests that: “Access management should be unified and holistic across the entire organisation with user information and privileges.”
The proliferation of legacy enterprise applications which require intensive updates in order to support modern security measures is another major vulnerability. Brett Beranek, director of Product Strategy, Enterprise, Nuance Communications, argued: “Traditional, knowledge-based passwords are soon to become a chapter in the history books.
“Today, modern advancements in biometrics leverage low-value authentication data – such as our unique voice prints – to enable access to account information through banks, retailers and so on. This not only improves the security of our personal data, but it also improves the user experience, as we don’t have to go through our names, addresses and mother’s maiden names every time we want to access our accounts.”