EDITOR’S QUESTION
Passwords have been around for millennia – there are references in the Bible, and every child knows how Ali Baba opened the magical cave by uttering ‘open sesame’. The modern computer password was introduced in 1960 by Fernando Corbató, a computer scientist at MIT.
Today, passwords have become somewhat of a nuisance, especially for IT professionals. Organizations would be lost without access to the many online resources they use day-in-and-out for work, but they also need a long list of passwords to protect each of them.
IT professionals spend many hours managing these lists of employee passwords. According to a survey undertaken by LastPass, a provider of identity and access management technology, IT managers today spend an average of five hours per week managing passwords. Passwords are far from perfect. Password compromises are estimated to be the root cause of 80% of all data breaches. Ninety-two percent of respondents to the LastPass survey believe passwordless authentication to be the way forward.
Some key alternatives to passwords include:
• Biometric authentication – enabling employees to securely authenticate and bypass typing in a password by using their face or fingerprint.
• Single sign-on, which eliminates the need for employees to use multiple passwords by using only one set of credentials to give them access to all resources. This way, we only have to remember a single SSO system password.
• Federated identity, which integrates with an existing IT ecosystem and user directory login details, so users need only one password to unlock their work.
While passwordless might be the way forward, it won’t be easily, or completely, achieved. Seventy-four percent of organizations in the LastPass survey thought their end-users would prefer to continue using passwords, because they were familiar with them.
Respondents also identified challenges in the deployment of a passwordless authentication model: the initial investment required to implement such a system; regulations around the storage of the data required; and the time taken to migrate users to a new system.
The password is the most problematic item which affects most people when using computers. For many years we have had to contend with short complex passwords which are easy for a computer to hack but difficult for us humans to remember.
• Moving on to a token system: often Smart Cards, RSA SecurID or SafeWord Tokens. Smart Cards and physical Tokens are becoming very scarce these days, with ‘soft tokens’ becoming more common. Most of us already use soft tokens when using Internet banking; where we log on using a (usually numeric) ID and short password (as banks are still frequently using mainframe computers for authentication) but the more secure part is when we get a numerical token on our mobile phone which we need to enter in order to complete the authentication.
When you consider all these alternatives, it would certainly be possible to have a passwordless authentication system in the future. For example, instead of using a traditional password, a combination of a digitally-recorded signature, and biometric scan can provide more security than a password ever could, with just as much ease.
JEREMY DALY, CYBERSECURITY PRODUCT MANAGER AT DDLS
www.intelligentcio.com INTELLIGENTCIO NORTH AMERICA