According to the latest Verizon Data Breach Report, breaches caused by stolen or weak credentials are on the rise – up from 63% in 2015 to 81% in 2016. While there is no denying that we need to remove our dependency on the password as a primary method of authentication, the question remains: how do we get there?
Right next to Egyptian mummies and dinosaur bones, passwords may soon be spotted only in museums as dusty relics of the past. Okay, maybe that’s a slight exaggeration – but our latest survey shows that top IT leaders are putting passwords and two-factor authentication in their rearview mirror.
Ever notice something about surveys? While there are plenty out there about the threats rising on the IT landscape, there isn't always useful information about the controls and techniques leaders are using to stop them. And that's what we really want to know, right? Finding out where other organizations are struggling and where they're succeeding, and how they're approaching attacks, can provide a roadmap to strengthening your own security program.
The need to strengthen enterprise authentication is almost universally acknowledged. Security professionals are quick to look at two-factor and multi-factor solutions to accomplish the goal; clearly, the addition of second and third factors addresses the need. However, the process fails to consider the value of the first factor in such solutions: the password. In this Link, IDC examines the value of the password and its limited value in the future of enterprise network security.
Have you ever tried to get some critical work done, only to be challenged by the system to change your password? Have you ever been locked out because you can’t remember which of your passwords goes with which application? Have you ever succumbed to the temptation to write your passwords down, security policies be damned? And has ‘forgot my password’ become part of the login process for less frequently accessed sites and applications?