The Death Knell of Passwords? It's Closer than You Think

Powerful authentication tools will soon make enterprises more secure and end-users less frustrated. Here's why and how.

Dark Reading Staff, Dark Reading

November 6, 2017


Like death and taxes, passwords are an inescapable part of modern life. But cryogenics and promises of comprehensive tax reform notwithstanding, passwords are one inevitability we may be rid of soon.

That should be welcome news to everyone with a screen full of sticky notes with long, complex, and not particularly effective codes for deterring hackers. Of course, to paraphrase Mark Twain, reports of the death of passwords have been greatly exaggerated in the past, going back to 2004, when Bill Gates predicted their demise at an RSA Security Conference.

It’s different this time. For one thing, technology infrastructures have burst beyond their corporate perimeters to include armies of mobile workers, far-flung clouds, and sprawling networks that have loosened IT’s grip on enterprise data. Today, companies’ digitally savvy end-users need to securely access sensitive information wherever they are and whenever they want.

Which brings us to another reason why the days of passwords are numbered (or more appropriately, a combination of numbers, letters, and at least one symbol). The reality is, passwords have never been as effective as we’ve needed them to be. The Verizon 2017 Data Breach Investigations Report states that 81% of breaches involve stolen or weak passwords. This isn’t surprising since passwords have a long and sketchy history, going back to what may have been the first computer password, created to regulate access to MIT’s Compatible Time-Sharing System. CTSS may have spawned email, IM, and other commonly used digital tools, but even its password couldn’t keep an MIT researcher from hacking into the machine.

Beyond Passwords

No one’s going to mourn the loss of passwords, but the question is, what will replace them in a world teeming with cyberthieves? There’s no one answer, and that’s actually a good thing. Having multiple options gives CISOs wider latitude to successfully achieve hardened security without getting in the way of people doing their jobs.

Security pros can do this with adaptive authentication, a two-factor identity-assurance strategy that takes advantage of various options that serve the needs of today’s dynamic and boundless workplaces. For example:

  • SMS, voice, and email messaging where end-users receive a code to authenticate themselves to protected systems

  • One-time passwords generated by apps like Okta Verify and Google Authenticator, which offer alternatives to static passwords and easily forgotten codes

  • Physical tokens, with support for RSA, Symantec, and YubiKey tokens

  • Biometric factors including Windows Hello and Apple Touch ID

Security can be further enhanced with IP reputation and device state analysis, using technology that rates the trustworthiness of devices and decides whether to grant access to the network. Similarly, geo-location capabilities authenticate users based on whether there are warning signs about where they are in the world, and what type of client they’re using. Sophisticated algorithms can flag geographical anomalies, or something similar, and sound an alarm if someone logged in from New York at 9 a.m. and tried again from Hong Kong an hour later.

None of these options are right for all circumstances, but the power of choice comes from the fact that each of them could be appropriate for specific situations, and for users with high-risk profiles. The bottom line is that these powerful authentication tools will make enterprises more secure and end-users less frustrated. And we all can finally get rid of those ubiquitous sticky notes.


About the Author

Alan Joch is a veteran business and technology writer who specializes in creating online, print and live-event content, including technology best practices for commercial enterprises, the public sector, and education. His areas of expertise span electronic content management, printing and imaging, security, enterprise applications, mobile computing, server and desktop virtualization, and the Web. Previously, Alan spent seven years as a senior editor at Byte Magazine, where he alternately ran the product testing lab and the features department.

