As password protocols evolve and cybercriminals become more sophisticated in their techniques, it’s increasingly apparent that the traditional methods for protecting your accounts no longer offer adequate levels of security.
In this blog post we’ll explore how passwords have changed over time and examine how businesses can keep their data safe moving forward.
Problem 1: Passwords Have Moved From Physical to Digital Space
Password use originated in the physical world, where a person needed to know something, a word or phrase, in order to enter a physical space.
Relying on user knowledge worked really well in a person-to-person situation, but as passwords have become digitised and technology has evolved, this method has struggled to keep pace with computers' abilities to compromise systems. Computers can crack a password faster than ever before, which means passwords have had to become increasingly complex, and humans are being pushed to the limit in creating a meaningful passphrase that they can actually remember.
As password use continues to evolve in the digital space, passwordless solutions are essential for enhanced security and streamlined user experiences.
Problem 2: We’re Only Human
Almost every application requires user authentication, which makes the traditional password experience an increasing burden. End-users have countless passwords to manage and more complex requirements that make them hard to remember.
Putting the onus on users to remember many different password variations, to update them regularly, and to make them longer or more complex leaves your business open to security risk as users inevitably tire of the responsibility or simply forget.
People are also quite terrible at creating truly random passwords. The human brain prefers using familiar elements that are easier to remember; things such as your partner’s or pet’s name, your favourite hobby, the street you live on.
Passwords are often inspired by what you love most, which unfortunately makes them easier for adversaries to guess and, even worse, for criminals to reuse when infiltrating other systems.
Problem 3: Passwordless Doesn’t Mean Securityless
The problem with the name Passwordless Security is that it suggests you're simply removing the password without replacing it with further security.
Passwordless actually requires you to add a cryptographic key and a secondary factor of authentication such as biometrics or a PIN.
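To make the "cryptographic key plus second factor" point concrete, here is an added example (not from the original post, and not Cisco Duo or WebAuthn code) of a challenge-response login in Node.js. The function names, the user `alice` and the sample PIN are assumptions made for illustration, and a real authenticator would hold the key in hardware rather than in process memory.

```javascript
// Added illustration, not Cisco Duo or WebAuthn code; all names are hypothetical.
const crypto = require('node:crypto');
// Device: the private key never leaves it and signs only after a local PIN check.
function createAuthenticator(pin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const salt = crypto.randomBytes(16);
  const pinHash = crypto.scryptSync(pin, salt, 32);
  return {
    publicKey,
    sign(challenge, enteredPin) {
      const candidate = crypto.scryptSync(enteredPin, salt, 32);
      if (!crypto.timingSafeEqual(candidate, pinHash)) return null; // second factor failed
      return crypto.sign(null, challenge, privateKey); // Ed25519 takes no digest name
    },
  };
}

// Server: stores only public keys, so a breach leaks no reusable secret.
function createServer() {
  const users = new Map();   // username -> public key
  const pending = new Map(); // username -> outstanding challenge
  return {
    register(user, publicKey) { users.set(user, publicKey); },
    challenge(user) {
      const nonce = crypto.randomBytes(32); // fresh random value per login attempt
      pending.set(user, nonce);
      return nonce;
    },
    verify(user, signature) {
      const nonce = pending.get(user), key = users.get(user);
      pending.delete(user); // each challenge is single use
      if (!nonce || !key || !signature) return false;
      return crypto.verify(null, nonce, key, signature);
    },
  };
}

function demo() {
  const device = createAuthenticator('4821'); // constructed sample PIN
  const server = createServer();
  server.register('alice', device.publicKey);
  const sig = device.sign(server.challenge('alice'), '4821');
  const ok = server.verify('alice', sig);
  const replay = server.verify('alice', sig); // challenge already consumed
  const wrongPin = server.verify('alice', device.sign(server.challenge('alice'), '0000'));
  server.challenge('alice');
  const stale = server.verify('alice', sig); // old signature, fresh challenge
  return { ok, replay, wrongPin, stale };
}
```

Only the first login succeeds: a replayed or stale signature fails because each challenge is random and single use, and a wrong PIN never produces a signature at all.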
Wolfgang Goerlich, advisory CISO at Cisco Secure, offers this analogy:
“We are defining authentication by what it’s not. I like to compare this to the horseless carriage. A hundred years ago in my hometown of Detroit, what was high tech was a horseless carriage. It’s a carriage without a horse. That belies all the improvements in speed, safety and the culture change that came with the automobile.
In a similar way, if we only think of authentication as removing the password, we are going to miss out on a lot of the improvements that we can make in authentication. When we do adopt passwordless authentication, it cannot only be to remove the password, but it also has to be to add additional risk-based authentication mechanisms to increase overall security at the same time.”
Cisco Duo is our preferred passwordless authentication tool. ITeam Consulting can help you to keep sensitive information stored securely on devices without giving anyone else access, so that users benefit from both peace of mind and proven durability against threats.