Passwords: the end is nigh!
At an RSA Security Conference way back in 2004, Bill Gates predicted the demise of the password. He asserted that traditional passwords “don’t meet the challenge” of keeping critical information secure. Largely due to complacency, we really have not evolved the way in which we authenticate to our existing IT systems.
Alarmingly, the average person has more than 90 online accounts. As we are all human, some of us use easily guessed words or phrases in our passwords. This makes our systems only as secure as the weakest account.
Sadly, because of this, usernames and passwords are the leading attack vector in data breaches, account hijacking and identity theft.
The Australian Information Commission has indicated that they have seen a 30% increase in data breaches from 2018 to 2020. This includes a year-on-year increase of almost 50% in identity-specific information. They state that health services, financial services and education were the top three industry sectors most affected by data breaches.
We all know that it’s everyone’s responsibility to be cyber-aware and act responsibly, but once we have even the smallest interaction over the Internet – which most of us do in our working and personal lives – we immediately become vulnerable.
When it comes to moving to password-less authentication, the finance sector is leading the revolution in investment and change. As end-users, we are already using the device we hold in our hands to access our data without a password to verify who we are.
Biometric identification is here already with face recognition and fingerprint technology used daily by millions of users. Our unique and individual features are the keys hackers will struggle to copy in order to plunder our bank accounts or sensitive data. Thanks to an incredibly competitive consumer smartphone market, we have by default adopted and accepted the technology that allows us to seamlessly access our data without a single password being used.
The trick is how we now deliver that for an organisation, so that specific users or roles can access only the information they need. Removing the hassle of maintaining multiple passwords to different systems while maintaining security is the goal. How much time will be saved if users do not call our helpdesk asking for a password reset, I wonder?
Zero Trust networks that use biometrics to gain access to IT infrastructure are where we are heading. Bill Gates is a smart and patient man, and it has taken us this long for our own lightbulbs to go on. Now that we’ve caught up, we should celebrate the demise of the password and ditch traditional username/password authentication.
If you would like a security appraisal to assist in better securing your network, please get in contact. We look forward to speaking with you soon.