Editor’s Question:  Have passwords had their time?

Industry views on the future for access authentication.

Stuart Wells, CTO, Jumio 

To protect users in an increasingly connected world, organisations must adopt more robust and reliable methods of passwordless authentication. Biometric authentication offers a more secure and intuitive experience, ultimately reducing the impact of hacks and online fraud.

Using biometrics at account creation and on an ongoing basis not only offers better protection against account takeover fraud but also eliminates the need to remember complex passwords and initiate password resets. It also discourages password sharing, which can inadvertently lead to data breaches and more compromised accounts.

The password has outlived its usefulness – and we need stronger ways of protecting ourselves online.

Scott Silver, CEO, Integral Partners – a Xalient Company

Passwords provide access to a host of applications and data from our PCs to emails, even our bank accounts. However, passwords in the wrong hands can provide the keys to confidential and sensitive data which could include employee and customer personal information.

On World Password Day we are reminded about the importance of having strong passwords – but we need to think beyond this.

While passwords add a layer of security to protect information, threat actors can lurk within organisations and as such passwords are not enough to prevent data leaks and breaches.

Companies must move beyond passwords to protect their most valuable data assets. To maximise security and protect against internal and external threat actors, companies stand to benefit from having a Zero Trust strategy. This is particularly true with the increased adoption of cloud computing, which highlights the inadequacies of traditional security measures.

With a Zero Trust strategy, security moves beyond perimeter defences and prioritises continuous identity verification and authorisation, irrespective of the user and their location. This underscores the principle of Zero Trust, which is that trust is never assumed and access is meticulously validated at every interaction point.

Patrick Harding, Chief Architect, Ping Identity

As threat actors become more sophisticated and lean on new technology like AI, most users underestimate the risks associated with relying on passwords to protect valuable information. On top of that, a whopping 48% of IT decision-makers are not confident they have technology in place to defend against AI attacks.

Consumers have also become increasingly frustrated with remembering multiple, complex passwords and often choose to reuse the same password on various sites, increasing security risks even further.

There are more secure alternatives that provide better digital experiences for the user. Passwordless authentication replaces traditional passwords with more seamless and secure methods and helps enterprises reduce risk and stop threats at scale.

Carla Roncato, Vice President of Identity, WatchGuard Technologies

We should all pause and think about how we can adopt passkeys, which represent a significant industry shift in identity security, moving away from traditional credentials of usernames and passwords to a more secure no knowledge approach to authentication that is a vastly better user experience.

As a form of passwordless authentication, passkeys aim to eliminate the inherent risk factors of traditional credentials. 

At the same time, any use of biometrics and biometric data for fingerprint or face unlock remains on your device and is never shared with any website that accepts passkeys.

Sadiq Iqbal, Cyber Security Evangelist, Check Point Software Technologies

It’s essential to acknowledge that robust passwords form the bedrock of effective security measures. Even with the most advanced security technologies, the simplest oversight on passwords can grant attackers access to our systems.

Strong passwords are more than just a recommendation; they are a critical defence mechanism. Recent attacks on major organisations like Okta and 23andMe were facilitated by stolen login details, demonstrating the widespread impact and ongoing threat posed by weak password practices. However, by reinforcing password security, we protect not just our data but maintain the integrity and trust of our entire organisation.

Wayne Phillips, Field Chief Technology Officer – Asia Pacific and Japan, SentinelOne

Passwords aren’t going away any time soon.  While biometric data, facial and fingerprint scanning all have a role in helping secure access to services, the one over-riding benefit of a password is it’s the something you know and not the something you are.

The latter might be simple to set up, simple to use and always available, but that means it can be read without you knowing, but the former cannot, so long as it’s sufficiently complex, unique, secret and not unwittingly shared with someone else.

The downfall of passwords is the need to share them with the system you need to access, to ensure you can access them. Sharing passwords at account creation is the paradox for security and where the whole notion of trust begins.  Combine passwords with as many factors as possible without increasing friction, and your chances of suffering data loss through password hacking are both extremely low and – importantly – highly limited.

Combining what you know, what you have, what you are, where you are and when you are can be a hard chain of secrets to break.
