Intelligent CIO APAC Issue 06 | Page 33

EDITOR’S QUESTION
JAMES DAWSON, CYBERSECURITY SOLUTIONS ENGINEER, VARONIS

There are some inherent problems with passwords:
• Many people use weak passwords. One study found 81% of hacking-related breaches used stolen or weak passwords.
• Passwords are relatively easy to steal, either through social engineering or because people store them insecurely or write them down because they have difficulty remembering a complex password.
• People often re-use passwords. If a poorly designed website stores member passwords in clear-text and is then the victim of a data breach, the attackers have a good chance of being able to access many other services using the same username/password combination.
The weaknesses of passwords are a driving factor behind the rise of multi-factor authentication and password managers. Both increase security; however, they are merely a patch for an already weak system.
We should move away from ‘something you know’ to ‘something you have’ or ‘something you are.’ Alternatives that will ensure adequate security in the future:
• Biometrics – fingerprint, voice, face, iris, heartbeat – fingerprint readers and face-ID are already widely used on smartphones and tablets and are becoming more common on laptops. Biometrics cannot be stolen and are much more difficult to copy.
• One-time passwords. Systems that send a one-time password to your phone are more secure than weak passwords, but if your phone is stolen, someone would then have access to your accounts.
• A hardware token, such as a key fob or smartphone.
• Software tokens as used in asymmetric cryptography.
Several individuals and organisations have ‘predicted’ the end of passwords, from Bill Gates to IBM most notably. However, so much of our IT infrastructure is built around passwords as an authentication method.
They are still very simple to implement, cross-compatible with many different systems, users know how to use them and they don’t require expensive or difficult-to-access hardware to work, unlike biometrics and hardware tokens. But they are a weak form of authentication security and we are moving away from them slowly.
A passwordless future will eventually become reality – though it will likely take longer than we think, it will ensure more effective cybersecurity.