Best Practice Tips for Password Administration from Tech Security Insiders
Passwords have been an industry standard as well as an industry headache for a considerable length of time, and their administration has become the misery of end-users and IT administrators. Yet there are ways to draw on experience and reduce those headaches.
Here are several industry experts discussing the challenges of passwords and the solutions to them:
- Matt Davey, COO at 1Password, an online password management provider;
- Daniel Smith, head of security research at Radware, a security solutions provider;
- Rick McElroy, principal security strategist at VMware Carbon Black, a virtual security platform;
- Matt Wilson, chief information security advisor at BTB Security, a security solutions provider;
- Ben Goodman, CISSP and senior vice president of global business and corporate development at identity platform provider ForgeRock.
The first issue discussed was the current challenges faced with passwords. Matt Davey was of the view that “Even though for many years we've relied on passwords to securely access the apps and services we use daily, both at home and at work. Today, as many of these services move to the cloud and breaches become bigger and more frequent, password authentication is even more critical, particularly for enterprises.”
Matt Wilson, meanwhile, says, “Since the dawn of the first password we've struggled with largely the same issues: selecting strong, unique passwords, remembering and storing them, and changing them periodically. People pick bad passwords and share them across multiple accounts for a very simple reason: It's easier to remember.
As attackers have developed and refined their toolsets, they've increased their capabilities to attack our accounts. Their speed of attack, the volume of guesses, the ability to mask their location/identity, and the "intelligence" they've developed to make better guesses make protecting our accounts more difficult than ever before.”
The second topic of discussion was the remedies. As per Daniel Smith, “Password hygiene is one of the biggest problems that both organizations and individual users face today. One of the easiest ways to combat and remedy the issue with password hygiene is through the use of a password manager and the use of multi-factor authentication.
Using a password manager naturally encourages users to not reuse passwords, and there are plenty of user-friendly options available to both consumers and the enterprise. Multi-factor authentication simply creates an extra step for accessing any account, and can be the barrier needed to stop unwanted access.”
When the last question was addressed, i.e. what will replace the password problem in the future, Rick McElroy was quick to answer by referring to the pandemic the world is currently experiencing. He says, “Short term, it looks like hand and fingerprint biomarkers, two-factor authentication with a mobile device and, in a post-COVID-19 world, facial recognition will be rolled out faster than ever. At some point in the future, DNA will probably be used to verify identity in the medical field but may not be applied to, say, a laptop and Windows login currently.
Long term, I could see a future where a combination of measurements like a heartbeat and brain waves could be used. These types of identification systems are already being beta tested on battlefields to ensure the right criminals and insurgents are being arrested and to protect innocent lives. I would not be shocked to see that deployed at some point in the future.”
Lastly, Ben Goodman was of the opinion that “Passwords should become a thing of the past. Today, organizations can solve the challenges that come with passwords by leveraging technology that can provide a passwordless user journey.
By adopting a passwordless approach, organizations provide users with frictionless, secure digital experiences. With the use of biometrics or push notifications, organizations can bring the same effortless authentications users have experienced on their smartphones, with technologies like FaceID from Apple or Samsung's Ultrasonic Fingerprint scanner, to every digital touchpoint while ensuring security.”
As a feature of an intelligent authentication strategy, passwordless authentication enables future-proof access, improving the customer experience and guaranteeing security by pushing suspicious users to 'additional verification'.
It is evident from the discussion above that organizations don't have to wait any longer to understand and solve password issues: if they choose the right solution, passwordless verification is possible even today.
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/3cnLgV4