Intelligent CISO Issue 32 | Page 29

While passwordless might be the way forward, it won’t be easily, or completely, achieved.
Jeremy Daly, Cybersecurity Product Manager at DDLS


Passwords have been around for millennia – there are references in the Bible, and every child knows how Ali Baba opened the magical cave by uttering ‘open sesame’. The modern computer password was introduced in 1960 by Fernando Corbató, a computer scientist at MIT.

Today, passwords have become somewhat of a nuisance, especially for IT professionals. Organisations would be lost without access to the many online resources they use day-in-and-out for work, but they also need a long list of passwords to protect each of them.
The password is the most problematic item which affects most people when using computers. For many years we have had to contend with short complex passwords which are easy for a computer to hack but difficult for us humans to remember.
IT professionals spend many hours managing these lists of employee passwords. According to a survey undertaken by LastPass, a provider of identity and access management technology, IT managers today spend an average of five hours per week managing passwords.
Passwords are far from perfect. Password compromises are estimated to be the root cause of 80% of all data breaches. A total of 92% of respondents to the LastPass survey believe passwordless authentication is the way forward.
Some key alternatives to passwords include:
• Biometric authentication – enabling employees to securely authenticate and bypass typing in a password by using their face or fingerprint.
• Single sign-on – which eliminates the need for employees to use multiple passwords by using only one set of credentials to give them access to all resources. This way, we only have to remember a single SSO system password.
• Moving on to a token system – often Smart Cards, RSA SecurID or SafeWord Tokens. Smart Cards and physical Tokens are becoming very scarce these days, with ‘soft tokens’ becoming more common. Most of us already use soft tokens when using Internet banking; where we log on using a (usually numeric) ID and short password (as banks are still frequently using mainframe computers for authentication) but the more secure part is when we get a numerical token on our mobile phone which we need to enter in order to complete the authentication.
• Federated identity – which integrates with an existing IT ecosystem and user directory login details, so users need only one password to unlock their work.
While passwordless might be the way forward, it won’t be easily, or completely, achieved. A total of 74% of organisations in the LastPass survey thought their end-users would prefer to continue using passwords because they were familiar with them.
Respondents also identified challenges in the deployment of a passwordless authentication model: the initial investment required to implement such a system; regulations around the storage of the data required; and the time taken to migrate users to a new system.
When you consider all these alternatives, it would certainly be possible to have a passwordless authentication system in the future. For example, instead of using a traditional password, a combination of a digitally-recorded signature and a biometric scan can provide more security than a password ever could, with just as much ease.