Intelligent CISO Issue 32 | Page 28


Editor’s question
JAMES DAWSON,
CYBERSECURITY SOLUTIONS ENGINEER, VARONIS

There are some inherent problems with passwords:

• Many people use weak passwords. One study found 81% of hacking-related breaches used stolen or weak passwords.
• Passwords are relatively easy to steal, either through social engineering or because people store them insecurely or write them down because they have difficulty remembering a complex password.
• People often re-use passwords. If a poorly designed website stores member passwords in clear-text and is then the victim of a data breach, the attackers have a good chance of being able to access many other services using the same username/password combination.

The weaknesses of passwords are a driving factor behind the rise of multifactor authentication and password managers. These both increase security; however, they are merely a patch for an already weak system.

We should move away from ‘something you know’ to ‘something you have’ or ‘something you are’. Alternatives that will ensure adequate security in the future are:

• Biometrics. Fingerprint, voice, face, iris, heartbeat – fingerprint readers and face-ID are already widely used on smartphones and tablets and are becoming more common on laptops. Biometrics cannot be stolen and are much more difficult to copy.
• One-time passwords. Systems that send a one-time password to your phone are more secure than weak passwords, but if your phone is stolen, someone would then have access to your accounts.
• A hardware token, such as a key fob or smartphone.
• Software tokens as used in asymmetric cryptography.

Several individuals and organisations have ‘predicted’ the end of passwords, from Bill Gates, to IBM most notably; however, so much of our IT infrastructure is built around passwords as an authentication method.

They are still very simple to implement, cross-compatible with many different systems, users know how to use them and they don’t require expensive or difficult to access hardware to work, unlike biometrics and hardware tokens.

But they are a weak form of authentication security and we are moving away from them slowly.

A passwordless future will eventually become reality – though it will likely take longer than we think, it will ensure more effective cybersecurity.