With all the talk about the growing obsolescence of passwords, it may seem strange that there exists such a thing as World Password Day. Aren’t we trying to move away from, rather than center on, passwords?
This is, in fact, the real purpose of World Password Day: to draw attention to the increasing vulnerability of passwords and encourage organizations to move away from passwords to best ensure a Zero Trust security posture.
When it comes to authentication, there are four primary types of authenticators: something you know (a password), something you have (a security key, an RFID card, a push notification on your phone…), something you are (biometrics and the like), and something you do (a unique set of behaviors and patterns that represent your digital journey, from your device to the browser to the various web and SaaS applications you use). Unfortunately, “something you know” is the most vulnerable of these types. There is very little stopping “something you know” from becoming “something someone else knows.”
Passwords, and other binary authenticators, can be easily lifted, replicated, and hacked. With passwords, users tend to do what’s easiest: they recycle credentials. Cybercriminals harvest credentials (an easy task, be it through phishing, malware, or the 20+ billion credentials readily available on the dark web), get into systems, and escalate privileges. Even worse, they disseminate what they’ve aggregated, and their tools are scalable. Threat actors can spray passwords across hundreds of domains of their choice and, once in, have full access to all of the breached system’s resources.
For these reasons and more, passwords are a highly insecure method of authentication. Passwords and their intrinsic vulnerabilities account for nearly 80% of all breaches. Adopting authentication methods that do not rely on passwords could eliminate the majority of breaches and account takeover (ATO) attacks for an enterprise.
Every day, more and more organizations are making their systems more secure by eliminating passwords from the authentication process. According to the latest research report by ESG, passwordless initiatives have become strategic, with 70% of organizations reporting they will start going passwordless in the next 24 months. ESG also reported that 31% of organizations claim it is their top identity-related activity, and 34% state that passwordless authentication is among their top three identity-related activities.
Other highlights of the SecureAuth and ESG Identity report include:
- 40% of organizations make MFA optional as their users experience MFA fatigue
- 58% of organizations consider risk scoring to be critically important for customer identity types
- 84% are selecting biometrics and security keys as the most popular passwordless authentication solutions
Passwordless authentication is not some far-off pipe dream; it’s what we need to be doing, now.
There is only one way to protect your digital identity, and that is to go passwordless and instead use new, AI/ML-powered identity management solutions.
At SecureAuth, we lead this process by offering a solution that monitors continuously to ensure the vulnerabilities of passwords and other binary authentications cannot be exploited.
SecureAuth treats authentication as a continuum, instead of a binary event, allowing it to defend against threat actors at all stages of their attack plan. Continuous passwordless authentication is the only way to maintain the delicate balance between the two competing objectives of IT Operations: service level speed and secure access management.
Hackers and cybercriminals have progressed to the point where the average consumer needs to adopt the “best defense is a great offense” strategy. If you assume that every credential you have ever created (or are yet to create) has already been stolen, the only way to protect your digital identity is to stop relying on passwords and use new, AI/ML-based cognitive identity management solutions that continuously authenticate based on biobehavioral traits, which can’t be mimicked or stolen.