A recent SC Magazine survey of its readers found that the password is not dead. Companies continue to depend on passwords and are encouraging their employees to use a strong password such as a passphrase, song lyrics or something that represents an event, while adding a few capital letters and/or numbers.
“Passwords get a lot of bad press,” says Keith Graham, CTO of SecureAuth, but for the cost of implementation they are “a low-cost way to enforce a reasonable level of security.” For higher levels of access control and authentication, additional layers can be added that are appropriate to that need, he says.
Graham stated that organizations could keep their passwords but also need to look at adding additional layers of security. This means combining a strong password with Adaptive and Two-Factor Authentication. One of the most prominent approaches to Two-Factor Authentication is using the employee's phone as a second factor. The employee can use an app to receive a one-time password, an SMS text, a voice call, etc. Using the cell phone as a token is very convenient, since your employees will always have their phone with them. This also saves the company money on token replacements, because an employee who loses their phone will quickly find a way to get a replacement.
39% of organizations surveyed said they require employees to change passwords two to three times per year
While passwords continue to be a part of an organization’s security strategy, using Strong, Adaptive Authentication is the key to creating secure access control. Adaptive Authentication includes techniques such as geo-location, geo-velocity, device fingerprinting, and risk analysis. For even stronger access control, authentication methods such as biometrics are increasingly being used; these rely on something that is unique to the employee, such as a fingerprint on their phone. The password is not dead, but it does need to be used in conjunction with other risk analysis factors and not be left as the only form of defense into an organization’s network.
To learn more about why the password is not dead, check out the SC Magazine Survey, the Market Focus Report, and the webcast discussing the survey results with SC Magazine, Stephen Cox, and Darin Pendergraft.