{"id":2417,"date":"2018-03-07T16:50:25","date_gmt":"2018-03-07T20:50:25","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=2417"},"modified":"2018-03-07T16:50:25","modified_gmt":"2018-03-07T20:50:25","slug":"passwords-traditional-access-management-dead","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/","title":{"rendered":"Are Passwords (and Traditional Access Management) Dead?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2418\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg\" alt=\"access management passwords dead\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead--300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead--768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead--540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead--162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead--360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yes, that is an alarmist title, to be sure. But it\u2019s a question that is grounded in some measure of reality: from their once lofty position as the archstone of authentication solutions, passwords do appear to be fading into irrelevance and obsolescence. Reports of growing distrust for passwords are becoming ubiquitous. What is motivating this change in access management thinking? And what will replace passwords?<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" alt=\"IAM Solution Suggestion Engine\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Here\u2019s the situation: <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Passwords: Access Management Tool or Impediment? <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Every year, researcher SplashData compiles the very worst passwords\u2014defined as being easy to crack or guess\u2014still in use by adults. In 2017, old shames such as \u201c123456\u201d and \u201cPassword\u201d returned to the top ten list (although personal favorite \u201cguest\u201d did not appear). What makes these findings stunning, from an access management perspective, is that about 10% of adults use at least one of the 25 worst passwords; 3% used \u201c123456,\u201d the password ranked the #1 worst. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">These passwords constitute a major security vulnerability for enterprises of every size. <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/numbers-security-conveince-iam\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">A study <\/span><\/a><span style=\"font-weight: 400\">by Verizon found that 63% of confirmed data breaches in 2017 involved weak, reused, stolen, or default passwords. A similar study by LastPass placed that percentage at 81%. Surveys by Pew Research indicates that while people know just how dangerous these password strategies are, but 61% will do so anyway. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As more studies become public, the more it seems that passwords are a vulnerability in and of themselves. But is there something else contributing to the problem? <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>How We Store Passwords, Human Error, and Other Flaws<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Perhaps we can\u2019t blame people for their poor password hygiene. Some studies place the number of passwords an average individual needs to remember at 150, and <\/span><a href=\"https:\/\/www.darkreading.com\/endpoint\/identity-management-where-it-stands-where-its-going\/d\/d-id\/1331199\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">89% of users keep track of their passwords by memorizing them<\/span><\/a><span style=\"font-weight: 400\">. After 150 passwords, giving in and using \u201cpassword\u201d becomes far more understandable.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Some enterprises try to combat this issue by enforcing longer, more complicated passwords (\u201cit must have at least one number, capital letter, and random symbol\u201d) and mandating employees change them every few months. But this actually feeds into the problem, as employees desperately try to remember all the different passwords and their variations that accumulate over time. Most will end up writing them down somewhere on their browser, despite this being a well-known security hole. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to Pew Research, 39% of users find it challenging to keep up with their passwords as is\u2014this corporate strategy can only exacerbate their anxieties. You might assume a password manager can solve this problem, but only 12% of Americans use that kind of solution. Even if they did, it wouldn\u2019t change the fact that passwords are the easiest access management authentication factor <\/span><a href=\"https:\/\/www.techradar.com\/news\/6-cybersecurity-myths-that-need-to-disappear\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">to crack<\/span><\/a><span style=\"font-weight: 400\">. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">But what would replace passwords? \u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Biometrics, Blockchain, and 2FA <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In the <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/top-4-authentication-findings-ibms-future-identity-study\/\"><span style=\"font-weight: 400\">IBM Security: Future of Identity Study <\/span><\/a><span style=\"font-weight: 400\">only 27% of their survey respondents consider passwords secure as an authentication factor. At the same time, 70% state they value security over convenience in their authentication methods. So what factors are considered more secure?<\/span><\/p>\n<p style=\"text-align: justify\"><a href=\"https:\/\/solutionsreview.com\/identity-management\/biometrics-iams-future\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">Biometrics<\/span><\/a><span style=\"font-weight: 400\">, the darling of identity and access management, seem to on the rise in public opinion. The theory goes that biometric authentication factors, such as fingerprints, cannot be lost or forgotten, are distinctly individual, and quite hard to replicate. But with popularity comes increasing scrutiny, specifically on how biometric authentication data is stored on servers, the issues of age affecting biometric information, and the problem of false positives and false negatives. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Others suggest that <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/2206-2is-blockchain-the-future-of-cybersecurity\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">blockchain<\/span><\/a><span style=\"font-weight: 400\"> systems could replace passwords if paired with biometrics; blockchain\u2019s auto-encryption features makes it nearly impossible (thus far) to crack, and their decentralized nature make them difficult to hack directly. A user could access their identity data from any device without fear using their fingerprints. However, blockchain technology is still in its infancy, and it has not been definitively proven that is it as impossible to hack as it claims. And while enterprises are exploring blockchain\u2019s identity and access management capabilities, it is far from certain it can be applied in that manner. \u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The most likely scenario for the future is that biometrics and blockchain and combined with passwords in 2 factor or multifactor authentication. Experts seem in agreement that 2 factor authentication at the least will supplant single passwords, as having any one authentication factor is vulnerable by itself. Passwords would still be necessary, but be only a part of the scheme rather than the sum of it. However, with passwords being so reviled, it is not impossible to conjecture a future where they are completely absent from access management. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The question may be how soon that future comes. \u00a0<\/span><\/p>\n<br \/>Widget not in any sidebars<br \/>\n","protected":false},"excerpt":{"rendered":"<p>Yes, that is an alarmist title, to be sure. But it\u2019s a question that is grounded in some measure of reality: from their once lofty position as the archstone of authentication solutions, passwords do appear to be fading into irrelevance and obsolescence. Reports of growing distrust for passwords are becoming ubiquitous. What is motivating this [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2418,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[142,237,421,124,91],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Are Passwords (and Traditional Access Management) Dead?<\/title>\n<meta name=\"description\" content=\"Passwords do appear to be fading into irrelevance. What is motivating this change in access management thinking? And what will replace passwords?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/\",\"name\":\"Are Passwords (and Traditional Access Management) Dead?\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg\",\"datePublished\":\"2018-03-07T20:50:25+00:00\",\"dateModified\":\"2018-03-07T20:50:25+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Passwords do appear to be fading into irrelevance. What is motivating this change in access management thinking? And what will replace passwords?\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg\",\"width\":800,\"height\":400,\"caption\":\"access management passwords dead\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Are Passwords (and Traditional Access Management) Dead?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Are Passwords (and Traditional Access Management) Dead?","description":"Passwords do appear to be fading into irrelevance. What is motivating this change in access management thinking? And what will replace passwords?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/","url":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/","name":"Are Passwords (and Traditional Access Management) Dead?","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg","datePublished":"2018-03-07T20:50:25+00:00","dateModified":"2018-03-07T20:50:25+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Passwords do appear to be fading into irrelevance. What is motivating this change in access management thinking? And what will replace passwords?","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/03\/access-management-passwords-dead-.jpg","width":800,"height":400,"caption":"access management passwords dead"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/passwords-traditional-access-management-dead\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Are Passwords (and Traditional Access Management) Dead?"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/2417"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=2417"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/2417\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/2418"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=2417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=2417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=2417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}