The Password Is…By Samuel Greengard
By now, it's fairly apparent that password security is completely broken. Consumers can't create decent passwords and manage them effectively, and too many organizations can't seem to stop thieves from stealing them and breaking into enterprise systems.
There's a fairly basic takeaway here: when a problem pervades every corner of society and business, it's clear that the cause of the problem isn't society and business. It's the underlying system. Unfortunately, passwords are to the digital age what skeleton keys are to houses and buildings. Obsolete.
A new study from SecureAuth Corporation and Wakefield illustrates the severity of the problem. Overall, 59 percent of professionals surveyed said their company experienced a data breach in the last 12 months. A quarter of these respondents reported that their firm had suffered multiple breaches.
Not surprisingly, passwords are at the center of the problem. An overwhelming 86 percent of security professionals noted that their company's help desk must deal with lost or forgotten passwords some or all of the time. Making matters worse, high-profile incidents such as the Ashley Madison breach show that password-only policies and practices too often leave private data highly vulnerable.
The technology now exists for enterprises to move forward with digital age authentication and protection systems. When SecureAuth asked security pros which authentication methods are safest, 34 percent cited biometrics, including facial scan and voice recognition; 28 percent mentioned two-factor authentication, such as one-time access codes; 14 percent cited barcode generation for instant log-in; 14 percent like devices that sense suspicious activity and shut down; and 10 percent would like to use technology that unlocks devices only in a trusted location.
Clearly, security pros recognize that things must change and many of them are open to tools and technologies that provide broader and deeper security. In fact, the study found that 97 percent believe that these new authentication methods are reliable and an improvement over existing systems. However, while 91 percent believe that passwords will not exist in 10 years, the respondents indicated that the biggest challenge for now is dealing with hardware and software upgrades and changes as well as the associated costs.
The takeaway? CIOs must play a more active role in exploring, adopting and integrating new and better methods to authenticate users. Although there's no single way to approach the myriad requirements a typical organization faces, it's clear that a combination of tools –with a strong focus on biometrics and multi-factor authentication—can transform the face of security.