MicroScope September Issue: Why Do Organisations Still Rely on Passwords?
Author: Karl Barton, senior director of international channels and alliances at SecureAuth
When Fernando Corbató invented the first security password nearly 60 years ago, he probably didn’t envision that it would still be central to authentication methods used to protect valuable data. Passwords have been falling out of favour for years and 81% of confirmed data breaches today involve weak, default or stolen passwords. In fact, passwords such as “123456” and “password” are still quite common among users.
It is time to look seriously at how we verify a user’s identity. The password has no place in modern security practices and industry leaders share my views. Microsoft’s security chief recently urged people to ditch passwords, but this won’t be easy. As passwords are deeply rooted in legacy security practices, some resistance is likely when new processes are introduced. Additional educational investment and staff training, potential disruptions to employees’ daily routine and fears of system failures can act as barriers to adopting passwordless practices and must be addressed before the password can be retired for good.
With credential compromise on the rise, firms must adopt modern approaches to identity security, which ultimately render stolen credentials useless to an attacker. Although basic two-factor authentication (2FA) methods are a step in the right direction, more must be done to stay ahead of fast-evolving threats.
Organisations can mitigate both password risk and the risk of bypassed 2FA with modern adaptive, risk-based approaches that leverage real-time data and threat detection techniques to improve end-user trust. Gartner predicts that by the end of 2020, enterprises that invest in new authentication methods will experience 50% fewer identity-related breaches than their peers.
Modern techniques such as device recognition, geo-location analysis and intelligent threat services analyse risk without hindering user experience, saving time and reducing user frustration, all while securing the enterprise. As the threat landscape evolves, organisations cannot continue to rely on archaic methods of user authentication and instead must adapt to stay ahead of attackers.
The password has lost its place in the enterprise, and the smart organisations are the ones that understand this.
This article originally appeared in MicroScope, September issue