Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Logon Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call
Authlogics Authlogics
  • Solutions
    • Password Security Auditing
    • Password Policy Compliance
    • Password Breach Database
    • Deviceless OTP
    • Single Sign-On
    • Cloud Protection
      • Amazon Web Services
      • Azure and Office 365
    • Helpdesks
    • Retail Banking
    • Transaction Verification
  • Products
    • Password Security Management
    • Multi-Factor Authentication
      • Authenticator Mobile App
      • PINgrid
      • PINphrase
      • PINpass
      • Yubikey
    • System Agents
      • ADFS Agent
      • Domain Controller Agent
      • Exchange Agent
      • Remote Desktop Agent
      • Windows Desktop Logon Agent
  • Resources
    • Demonstration
    • Whitepapers
    • Datasheets
    • Case Studies
    • Use Cases
    • Pricing
    • Blog
    • UK Government: G-Cloud
  • Partners
    • Find a Reseller
    • Find a Distributor
    • Technology Partners
    • Become a partner
    • Password Security Portal
  • Company
    • Contact Us
    • Intellectual Property
    • About Us
  • Support
    • Downloads
    • Documentation
    • Knowledge Base
    • Community
    • Log a call

The Practical Steps You Need to Migrate from Passwords

Steven Hopeon 17th October 2017

Every time a data breach hits the headlines it is accompanied with calls for organisations to find ways to better manage passwords, misguided advice on how to make them stronger, or suggestions for alternatives. The move away from password-based login credentials is for most (whether consumer or corporate) the goal, but there needs to be a clear strategy in place for this migration in place.

So, rather than simply saying ‘You need to replace passwords’ here are some practical steps to get you thinking today about how you can begin to address the password problem once and for all.

 

Take stock of your password landscape
  • The first step is to fully understand the scale of the problem. Consider how many different systems are in use that have their own password policy.
  • Look at which systems are “stuck” in a password world, and which can support new standards, e.g. OpenID, SAML etc.

 

Consolidate policies
  • If you have various policies it is advisable to update them to a single updated policy that is in line with NIST 2017 guidance. Having fewer variations to deal with will help simplify future changes. What’s more, by settling on an updated policy it will also help with your current compliance requirements.

 

Identify possible password replacements
  • We are no longer in a world of limited technologies. In the 1980’s people waited to see who would win the battle between Betamax and VHS before committing. In today’s competitive world there are huge commercial advantages of being a savvy early adopter.
  • You have nothing to lose by running a short-term pilot with a limited group of users within a team or department.
  • Remember. you do not need to replace like-for-like and the goal should not necessarily be to find a single alternative. For example, it may be enough for a fingerprint (or face recognition) to provide the user with access to certain services, but for transactions or sharing of confidential information, you may want a multi-factor solution.   

 

Roll it out
  • Begin by targeting key user account databases first, e.g. Active Directory as this will deliver the biggest improvement to your security and consequently remove your largest headache.
  • Training should be offered, however, the key to a successful password replacement is that it is intuitive and instinctive to use, so this shouldn’t be a major consideration.

 

There is no silver bullet; there is no one way to solve all problems, so don’t wait for one, get started where you can today.

in Authentication, Business, Management, Password Replacement, Strategy

Leave a Reply Cancel reply

  • Previous

    Should We All Be Writing Down Our Passwords?

  • Next

    Teabrownpicture2017 – A Password That Takes 227 Million Years to Crack

Recent Posts

  • 3.2 billion credentials (emails and passwords) rinsed up, cleaned out and COMBed
  • PRESS RELEASE: Authlogics Partners with Westcoast to Deliver Passwordless Authentication Solutions in the UK, Ireland, and Europe
  • Reflection & Prediction
  • Analyzing the Cit0day breach
  • Read all about it – your ‘Audit’ here!

Recent Comments

  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Multi-Factor Authentication
  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Password Security Auditing
  • Authlogic Password Security Management Offer with CyberWhite - CyberWhite on Password Security Management
  • Weekly Update 216 | Spyware.ws on Corporate Password Security with Troy Hunt
  • Weekly Update 216 | AdwareSearch.com on Corporate Password Security with Troy Hunt

Archives

  • February 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • May 2020
  • April 2020
  • February 2020
  • January 2020
  • December 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • January 2019
  • September 2018
  • January 2018
  • October 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015

Categories

  • Authentication
  • Business
  • Compliance
  • Customer Experience
  • Data Breach
  • Download
  • Implementation
  • Management
  • Marketing
  • Multi Factor Authentication
  • Password
  • Password Replacement
  • PIN
  • Remote Working
  • Security
  • Strategy
  • Uncategorised

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Contact us

UK: +44 1344 568 900
US: +1 408 706 2866

sales@authlogics.com
info@authlogics.com

Visit us

Access Office Suites, Willoughby Road,
Bracknell, Berkshire, RG12 8FP, UK

Map it »

1551 McCarthy Blvd, Suite 215,
Milpitas, CA, 95035, US

Map it »

Follow on

Legal information

Privacy Policy
© Authlogics Ltd. All Rights Reserved.