Passwords remain the de facto standard for user access and authentication for online applications.
BUSINESS SURVEILLANCE
based code on a mobile phone app, can prevent attackers from gaining access to your account even if they obtain your password.”
In today’s digital world, safe password storage, using tools such as password managers, remains as important as password strength itself.
Analysis from Veracode found that over 40% of software scanned by their tools contains some form of credential management flaw and that the most common is the use of hardcoded passwords. Veracode’s EMEA CTO, John Smith, said: “It is therefore important to avoid the use of hardcoded passwords or the storage of credentials in easy-to-locate areas; all authentication communication should be encrypted, without the use of hardcoded encryption keys.”
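The hardcoded-credential flaw described above is the kind of thing a source scanner looks for. The following is an added example, not Veracode’s tooling or code from the article: a minimal scanner that flags string literals assigned to credential-looking identifiers, run over a constructed sample of source lines, alongside the hardened pattern of reading the secret at runtime with no literal fallback. The sample source, the identifier keywords and the placeholder list are all assumptions chosen for illustration.

```python
import os
import re

# Constructed sample source (not from the page): the first three lines are the
# kind of hardcoded credential the Veracode finding refers to; the remaining
# lines are acceptable patterns a scanner must not flag.
SAMPLE_SOURCE = """\
DB_PASSWORD = "Sup3rS3cret!"
api_key = 'AKIAIOSFODNN7EXAMPLE'
auth_token = "0123456789abcdef0123456789abcdef"
db_password = os.environ["DB_PASSWORD"]
password = getpass.getpass()
secret = ""
MIN_PASSWORD_LENGTH = 12
"""

# Identifier fragments that suggest the variable holds a credential (assumed list).
SECRET_NAME = re.compile(r"(?i)(passw(or)?d|pwd|secret|api[_-]?key|token)")
# Matches `name = "literal"` or `name = 'literal'`, with an optional trailing comment.
LITERAL_ASSIGNMENT = re.compile(
    r"""^\s*(?P<name>[A-Za-z_]\w*)\s*=\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*(#.*)?$"""
)
# Values that are obviously placeholders rather than live secrets (assumed list).
PLACEHOLDERS = {"", "changeme", "password", "secret", "example", "todo", "xxx"}


def mask(value: str) -> str:
    """Never echo the full secret back into a report or log."""
    return value[:2] + "*" * (len(value) - 2) if len(value) > 2 else "***"


def scan(source: str) -> list[tuple[int, str, str]]:
    """Return (line number, identifier, masked value) for each hardcoded credential."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = LITERAL_ASSIGNMENT.match(line)
        if not m or not SECRET_NAME.search(m["name"]):
            continue  # not a string literal, or not a credential-looking name
        value = m["value"]
        if value.strip().lower() in PLACEHOLDERS:
            continue  # placeholder, not a real secret
        findings.append((lineno, m["name"], mask(value)))
    return findings


def load_secret(name: str, env=os.environ) -> str:
    """Hardened pattern: read the credential at runtime, with no literal fallback.

    A missing secret fails loudly instead of silently using a default.
    """
    try:
        return env[name]
    except KeyError:
        raise RuntimeError(f"required secret {name} is not set") from None


if __name__ == "__main__":
    for lineno, name, masked in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {name} = {masked}")
```

Running the block reports lines 1 to 3 of the sample and nothing else; the environment lookup, the interactive prompt, the empty placeholder and the numeric constant are all left alone. A real scanner adds many more patterns and an allowlist, but the two decisions shown here, what counts as a credential name and what counts as a placeholder, are where most false positives and negatives come from.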
Scott McKinnon, Field CISO, VMware, sees third-party password managers as an alternative to users creating and remembering unique passwords themselves. “These services generate and store unique and complex passwords for each account with encryption. They often come as a package deal with a mobile device such as Apple Keychain and Google Password Manager or are available for download in app stores.”
While password managers may not be the perfect solution, they are better than nothing. Paulo Henriques, Head of Cybersecurity Operations, Exponential-e, said: “When used cautiously, password managers can be a great security tool and are, at the very least, better than employees storing hard-to-remember passwords in spreadsheets or documents.”
When all is said and done, whatever technological controls are in place, training remains essential to organisational security.
Fortinet’s Deputy CISO, Renee Tarun, says that days like the annual World Password Day make us reflect on our own passwords and how they can be made stronger with further precautions. “There must simultaneously be more training and education in cybersecurity, ensuring people are up-to-date with the trends and techniques hackers are using.”
Higgins recommends using modern identity protocols and adopting a security-first approach built on the principle of least privilege. He said: “This is a holistic method to implementing better identity security, bolstering a business’ password protection levels, but also providing much better all-round security for identities, which are a critical attack vector.”
World Password Day is also a reminder that organisations should audit their current security practices and training, as some may be doing more harm than good.
Matillion CISO, Graeme Cantu-Park, said: “Many businesses demand that their employees modify their passwords approximately every three months, but this often does more harm than good, as most users simply rotate through a number of weak passwords which can be easily broken through by attackers. It would be much more user-friendly to empower users to have one single strong password per system. Each password could be based, for example, on three memorable random words, thus reducing the need to periodically recycle passwords and making them harder to crack.”
End of passwords
“It’s clear that unless we eliminate passwords altogether, we will continue to live in a lose-lose situation where online experiences will remain frustrating for users and attackers continue to keep stealing our information,” said Rosch.
A passwordless future, however, still relies on other forms of credentials, and those bring their own risks.
Henriques commented: “We hear a lot of excitement for a passwordless future but it’s important to remember that this is not a catch-all solution for information security. To be passwordless still means relying on biometric authentication, and fingerprint or retina scans offer a vulnerable database for attackers to compromise.”
Even though we are still stuck in a password-driven world, organisations must recognise that passwords alone are an outdated security control and are only effective when coupled with measures such as MFA, password managers and activity monitoring.
“Passwords remain the de facto standard for user access and authentication for online applications,” said Horswell. “But it’s time we remind ourselves that they are no longer a sufficient form of digital authentication. Instead, businesses should pursue alternative ways to protect online accounts and customers’ personal data.”