Let’s talk about the inevitability of password death. Specifically, let’s discuss whether password death is as inevitable as claimed by experts—and even by Solutions Review.
A recent Forbes article by Rohan Pinto “The Inevitable Death of Passwords” covered password death in detail. Pinto cuts to the chase regarding the single-factor authentication process; passwords offer only weak protection against hackers. Even a little research and social engineering by hackers could put the strongest password at risk. Additionally, plenty of attacks target passwords specifically. These include phishing attacks and credential stuffing, both of which have startlingly high success rates.
According to the Verizon Data Breach Investigations Report, which Pinto cited in his article, 81% of data breaches are caused by compromised, weak or reused passwords.
Also, Pinto notes that centralized solutions are a major target for hackers. He cites the power of blockchain to strengthen business identity authentication. You should read the article for yourself; it offers an authoritative read. However, we need to discuss the actual inevitability of password death…and whether it may be so inevitable.
Will Password Death Ever Come?
Previously, the editors of Solutions Review wrote an article detailing our own predictions about the coming death of passwords. Yet passwords not only persist, they seem to thrive. Why?
First, predictions about password death seem somewhat exaggerated, especially when examining employee bias. While some cybersecurity research indicates that employees feel comfortable with biometric authentication, most studies indicate that employees prefer passwords. You could argue this represents a case of cultural embeddedness. After all, passwords have been a part of IT infrastructures for decades. Users of virtually all ages recognize passwords and how they work. Thus, they choose it over new technologies.
Trying to replace passwords entirely with a different primary authentication factor could result in alienation. Unfortunately, this is a significant problem; if employees don’t buy into your authentication process, they could attempt to create workarounds. Another way to say “creative workarounds” in identity management is “security vulnerability.” Hackers could exploit it to bypass authentication security measures.
Additionally, setting up authentication factors other than passwords requires extra work and resources. For example, installing biometric readers into every endpoint on-premises can prove costly and time-consuming. However, even while passwords may not go the way of the dodo, your business can strengthen your authentication protocols without abandoning passwords altogether. Password death may instead become password evolution.
Multifactor and Step-Up Authentication
Multifactor authentication offers exactly what it says on the tin; instead of allowing access after the input of just one factor, the requester must input multiple confirmations of their identity beforehand.
While on the surface asking for more factors may appear to disrupt business processes, it doesn’t. Many ways to verify users’ identity in a secure manner involve passive factors such as geofencing and time of access request simply use a behavioral baseline to evaluate the legitimacy of the user. Meanwhile, other factors including hard tokens require the physical presence of the item—thereby not delaying the login process while maintaining cybersecurity.
Additionally, your enterprise can use an identity and access management solution that incorporates bring-your-own-device (BYOD) culture. Many new mobile devices carry built-in biometric fingerprint readers which you can sync with your login processes. Thus, you can bypass the usual deployment costs in embracing biometric authentication.
Moreover, your enterprise can embrace step-up authentication. In this process, your users may only need a password to enter the basic network, but more sensitive databases may require biometric authentication and hard tokens to access.
So password death may not end up ever happening. However, you can learn to fortify your enterprise alongside passwords. You can learn more about it in our Identity Management Buyer’s Guide.
Latest posts by Ben Canner (see all)
- 2020 Vendors to Know: Identity Governance - July 9, 2020
- 2020 Vendors to Know: Privileged Access Management - July 7, 2020
- 3 Authentication Myths to Avoid In Your Identity Management - July 1, 2020