Passwords: Are we still using them?
Passwords; we can’t live with them, we can’t live without them. That’s how most people view it when it comes to keeping their digital assets secure. We’re forever told to make our passwords stronger and longer by adding numerical digits and capital letters, but as much as we’d like to, chances are most people simply forget the ‘unique’ combination of keyboard characters soon after they entered it with yet another online service.
Some of us can take comfort in the knowledge that humans aren’t really wired to remember passwords. And this is why we see ridiculously weak passwords such as “123456” in use. If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. It may not be known to many, there are now many innovative and safe ways to authenticate users without passwords, as well as methods which still use passwords, but only in conjunction with multiple layers of protection, known as multi-factor authentication (MFA). Businesses can protect access to company data with strong authentication. These solutions include innovations such as smart cards, tokens, readers. Multi-factor authentication uses two or more different forms of identity verification—usually something you know (password or PIN) in combination with something you have (smart card or token). It’s an access strategy that provides users with secure access to enterprise data anytime, anywhere.
Multi-factor solutions such as this, in particular those which can operate without passwords, are the future. It is imperative for any company with the security of its customers and employees in mind to understand this by now. The password and its many flaws are already losing support from the biggest players. Many players are now developing physical tokens to replace passwords in an effort to enhance security. Whether this will be successful remains to be seen, but physical tokens are not the only password alternative being developed. There is biometrics, retina scans and cardiac rhythm authenticators seen around these days. Nevertheless, the charm of passwords is fading, and soon, authentication will push passwords out to pasture potentially forever. When this happens, passwords will inevitably be consigned to the past, as they probably should.
-by Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto.