Are passwords worth fixing?

Kate Wotherspoon on 25th October 2019

If you follow along with the Authlogics blog, you will probably expect us to have a hard stance on this topic. We are not in favour of the password, as you will have noticed, but if you ask us if they’re worth fixing… The answer is a very vague, yes… and no.

Let us explain.

Should we continue to rely on passwords in the long term? Absolutely not. They are, without a doubt, weak, breachable, and the number one reason for most hacks.

But, sadly, they still exist. Many companies still use them. So, should they be fixed? Most definitely. Not so that they can be leant on for the long term, but so that they can be gradually phased out in a way that respects the complexities of large businesses today.

Fall from glory

Passwords have served a useful purpose for computers and software since the early ’60s. They were initially designed for non-Internet-connected devices, to allow multiple users to share access to the same computer. As the Internet took our world by storm and the platforms we use went from a single item to some innumerable figure, the password stuck as the favourite means of authentication.

Just a decade ago, we could count on one hand the number of systems we needed passwords for. This meant that we could keep them relatively safe and easily remember what they were.

In today’s ‘always-online’ mode we have hundreds of accounts and access points. And humans, unfortunately, are not great code keepers. With the Internet came hackers and with hackers came regulations and guidelines to increase the complexity of passwords. The challenge with this, however, is that, as we mentioned, humans are not great code keepers. These increased complexities created three kinds of users:

  1. Those that re-use the same password for every platform
  2. Those that use a similar password for every platform
  3. Those who re-set their password on most occasions

Eighty per cent of people, above the age of 18, repeat the same password for all systems, and in just the past 60 days, 60 per cent of people will have had to re-set their password.

Even if consumers and users were miraculously able to remember all their passwords without storing them somewhere, those passwords could still be breached.

If a hacker wants to get into an account that is protected only by password authentication, given enough time, they can. Just search in Google for password breach and you’ll be inundated with articles about password breaches. Hackers are more intelligent, more automated and multiple-use passwords just don’t provide protection.

What worked for a non-Internet connected device went on to be the star of authentication for the next 50 years. But much has changed in those 50 years, the technology of hackers in particular, and the password cannot be the one solution any longer.

Passwords need an upgrade and eventual phase-out plan — a little fix, with a long term goal of decommissioning.

How can we fix and phase out the password?

We have the technology we need to move into a password-free future, which can be achieved in three easy steps.

1. Comply

With the password still in place, the first step is to ensure that password protection is in line with the latest compliance requirements, with passwords checked against the Authlogics Password Breach Database to meet the new password policy guidelines set by NIST SP 800-63B. Businesses must also establish real-time password breach protection so that no hacks or attempts can go unnoticed.
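As an added illustration (not Authlogics code, and not part of the original post), the sketch below screens a candidate password along the lines SP 800-63B describes: a minimum length of eight characters and a comparison against compromised, context-specific, repetitive and sequential values. The breach corpus, the function names, the run-length thresholds and the sample account names are all constructed for the example.

```python
import hashlib
import re

# Constructed corpus: SHA-1 digests standing in for a breach database.
# Assumption: digests are used because public breach lists commonly ship that way.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password1", "qwerty123", "letmein2019", "summer2019!")
}
MIN_LENGTH = 8  # SP 800-63B minimum for user-chosen memorized secrets


def has_sequence(text, run):
    """True if text contains `run` consecutive ascending characters (e.g. 1234, abcd)."""
    streak = 1
    for prev, cur in zip(text, text[1:]):
        streak = streak + 1 if ord(cur) - ord(prev) == 1 else 1
        if streak >= run:
            return True
    return False


def screen_password(candidate, username, service_name):
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    # No composition rules (forced digits, symbols) are checked: 800-63B advises against them.
    reasons = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if hashlib.sha1(candidate.encode("utf-8")).hexdigest() in BREACHED_SHA1:
        reasons.append("breached")
    # Context-specific words: the username and the name of the service.
    if any(w and w in lowered for w in (username.lower(), service_name.lower())):
        reasons.append("context_specific")
    # Repetitive characters: one character four or more times in a row (assumed threshold).
    if re.search(r"(.)\1{3,}", candidate):
        reasons.append("repetitive")
    if has_sequence(lowered, 4):  # assumed threshold of four
        reasons.append("sequential")
    return reasons


if __name__ == "__main__":
    for pw in ("password1", "alice1234", "correct horse battery staple"):
        print(pw, "->", screen_password(pw, "alice", "examplebank") or "accepted")
```

The breach lookup here is an exact match, so a screening step like this complements, rather than replaces, the real-time breach monitoring mentioned above.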

2. Secure

Multi-factor authentication is the next step to go beyond the knowledge-only solution of passwords and add an extra layer of security, making it harder for hackers to breach. 1.5-factor and 2-factor authentication can be applied to achieve this and move your business away from complete reliance on passwords. However, an MFA solution which does not rely on a password must be chosen.

3. Replace

Removal of passwords is the ultimate goal. While they are in the picture, there is a vulnerability, so the final step is to introduce a password-less solution to enable authentication flexibility and scalability.

So, are passwords worth fixing?

Coming back to the original question and our vague yes/no answer, we have to come down strongly on the side of yes: passwords should be fixed by removing them completely. Any short-term fix, as we outlined, is literally that, a short-term fix. If you want to remain compliant and secure, the only option is to replace the archaic and unsafe password management systems. Technology has moved on in leaps and bounds over the last 50 years and it’s time business moved with it to embrace security and compliance as key goals for underpinning business success through resilience. Remember, all publicity is not good publicity for your company when it contains the word ‘hacked’.

Are passwords worth fixing? – Where to find out more

To learn more about multi-factor authentication solutions to improve the efficacy of passwords, or how you can begin to phase them out, please get in touch with us.

in Multi Factor Authentication
tags: multi-factor authentication, password replacement, Passwords
