IT Security Guru

With the Advent of Biometrics, Are Passwords Going Away?

by The Gurus
February 1, 2018
in Editor's News, This Week's Gurus

By Jackson Shaw, VP of product management for One Identity

Facial recognition and fingerprint scanning for device authentication are no longer futuristic concepts reserved for James Bond movies. In fact, biometrics seem to be gaining ground over their inferior cousin, the password, by the day. So, why do we all still have more passwords than we would care to remember? And whatever happened to the much-hyped “death of the password”?

Three burning questions that dog the authentication discussion are:

  1. Why are we still using passwords when there are so many more secure options out there?
  2. Will biometrics ever become the standard for authentication?
  3. Assuming passwords are here, for at least a little while longer, how can I make them work for me?

 

Why are we still using passwords?

To understand why we are still using passwords, we need look no further than human nature. We like what we are comfortable with and resist change.

Since the very inception of networked computing, there has been a need for user authentication in order to access systems and data, and the easiest authentication to build into a system is the password. All you need is a directory and a few simple technologies to enforce the security. Consequently, the vast majority of systems use password authentication as the default — and in many cases, password authentication is the only option.

For those of us purchasing and implementing these applications, passwords have always been good enough… until they weren’t. The people that rely on these systems are comfortable with passwords. They have all kinds of tricks to help them remember their passwords (which, by the way, is often the reason passwords are the weak link in the security chain). And passwords are cheap – often password-based authentication is built into the systems that we rely on. Implementing a more secure or convenient authentication method will only add expense, management overhead, and possibly user dissatisfaction.

In addition, consider the fact that most organisations rely on older systems that default to password-based authentication. Switching to biometric-enabled systems can be expensive or require long deployment and integration cycles, and often comes across as an effort to fix something that isn’t broken. Not to mention that when multiple legacy systems are in play, those challenges are magnified many times over.

So why are we still using passwords? My opinion is, quite simply, because it’s good enough. Until there is a compelling event, technological breakthrough, or regulatory mandate forcing the issue, passwords will remain king.

Will biometrics become the new standard?

I believe that, yes, biometrics will eventually become the new standard. But only after enough password-based breaches hit enough organisations with enough negative effect that they are forced to implement stronger forms of authentication.

But I would also argue that multi-factor authentication (an approach in which biometrics is becoming a key player) is quickly becoming “a” standard, if not “the” standard. More and more organisations today are supplementing the single factor of something you know (the password) with a second factor: either something you have (such as a smart card or OTP token) or, more recently, something you are, otherwise known as biometrics.

Since second factors of the “something you have” variety are easier to implement and more easily integrated with legacy systems, I would expect continued growth in one-time passwords (OTP) and smart card authentication, while biometrics slowly gains ground.

So maybe the correct answer to this question is: multi-factor authentication will become the standard quickly, with biometrics being incorporated into a fraction of those use cases…at least for the foreseeable future.

How can I make passwords work for me?

Authentication technologies, whether password or biometric, exist for one purpose – to secure access to systems and data. With the death of the password being greatly exaggerated, there is a compelling need to find ways to use passwords better. In other words, we need to find ways to ensure that passwords fulfill their purpose and work for your company’s security processes. Recent NIST guidelines provide cool alternatives to the strict rules we’ve been told to abide by when setting a strong password. For example, use a long phrase rather than a distorted version of your pet’s name. However, many legacy systems simply don’t provide the flexibility to implement these dramatically different password policies. But there is hope. Here are some ideas:

  • Add multi-factor authentication. There are many options available for two- or three-factor authentication, and making sure that the option you choose fits the culture of your organisation is the best way to ensure that users can gain access to their work seamlessly, without disrupting their workflow.
  • Reduce the number of passwords you use — but change them frequently. Much of the trouble with hacked passwords is that they are easy to discover. This can be the result of poor practices such as never changing a password, or of the use of social engineering to guess them. However, a single hard-to-guess password that is changed often and applies everywhere is an ideal remedy to their traditional weaknesses. Single sign-on and directory consolidation are fairly easy and common technologies that achieve this end.
  • Take advantage of all your options. When implementing new systems, be sure that they support the standards necessary for adding multi-factor authentication to the mix and ensure that the policy you enforce for accessing those systems uses all the options available to you.

So, while the death of the password may be highly exaggerated for now, authentication is evolving, and biometrics will slowly become the new standard of the future. Set yourself up today to seamlessly and securely move into the password-less world, for when it finally arrives.
