So, you made the wise decision to look at options to replace passwords in your organisation. Good idea! You may have also thought that the Infosec show in London last week would be the obvious place to do some homework, but was it?
I have attended the UK’s premier information security expo for many years as a guest speaker and an exhibitor. However, this year I was curious to experience it as a visitor. I wanted to walk the halls as if I were a CISO or IT Director actively looking for a password alternative. As you would imagine, I was not short of options, but I am not sure if any of them were convincing enough to make me go cap in hand to the Financial Director to raise a purchase order.
I must declare my partiality, as the CEO of a company that has what we consider to be the best password replacement on the market. However, what struck me was the perceived level of complexity the solutions offered. Walking on to the stands, reading the graphics, skimming over the data-sheets, watching the promotional videos and having the odd conversation left me somewhat perplexed – and I work in authentication! This is a big problem. There is certainly no shortage of gimmick solutions out there which would fail very quickly when put in the hands of real users or real-world situations.
Those tasked with marketing solutions to replace passwords are creating an impression that it must come at the price of greater complexity. True, some of the interfaces looked very nice (others resembled school-room calculators from the 1980s), but the majority of choices on offer made it more convoluted than the universal typing of a username and password. This is the reason passwords continue to be so prolific in our digital worlds; you just need a screen and keyboard to use them, nothing complex or expensive.
At a time when many IT teams are involved in programmes of digital transformation, the challenge of balancing strong security with customer usability is a vitally important consideration. Organisations are looking at ways to make customer journeys slicker and more seamless, across digital platforms and devices. A cumbersome login process can mean falling at the first hurdle.
The throng of people wandering the halls of Infosec alongside me were all too aware of the limitations of passwords, and would love to consign them to the history books. However, the onus is on the industry as a whole to make it easier for them to build a business case to do so. We need to shift the marketing mindset that more complicated means more secure. It is entirely possible to have strong, robust authentication that doesn’t burden the customer, or the IT department for that matter, with additional layers of complexity.
Author: Steven Hope, CEO of Authlogics