Have Passwords Finally Had their Day? Cisco Seems to Think So.

The enterprise IT environment of today couldn’t be more different from that of a decade ago. From cloud computing and AI to automation and VR, a host of advanced technologies are changing the way we work and network. And it’s not just enterprises that are getting more sophisticated: so too are cybercriminals. Instances of cybercrime are increasing rapidly – up by 63% last year[1] – and criminals are embracing new tools and attack vectors to overwhelm enterprise IT defences.

However, in the face of all this disruption one thing has remained constant: our addiction to passwords as the chief means of securing enterprise systems. Like a bad habit we can’t seem to kick, IT departments continue to rely on passwords; despite the fact they’re so obviously unfit for purpose (according to Verizon, the majority of hacks rely on weak or guessable passwords[2]). We saw this coming. All the way back in 2004 Bill Gates predicted the death of the password[3], making the point that they can’t meet the challenge of keeping critical information secure. He said this three years before the iPhone was invented!

Signs of change

The good news is that there are signs that, finally, passwords may be on their way out. OK, we’re not going to see all passwords disappear from businesses tomorrow, but certainly, in the medium term, we might be in for some interesting changes.

I say this because, all of a sudden, the Advanced Authentication market seems to have sprung to life. First, there’s the news that two-factor authentication company, Duo Security, has been snapped up by Cisco for an impressive $2.53 billion[4]. This is good news as it’s a clear indication from a major enterprise technology company that passwords as a sole source of authentication may well have had their day.

This deal reflects a much wider uptick in the market. Orbis Research expects the Advanced Authentication market to explode: it has forecast a whopping 9.65% growth for the public sector enterprise market alone[5]. Meanwhile, Research and Markets suggest that the global Advanced Authentication market in the healthcare industry will achieve a CAGR of 15.31%, over the forecast period of 2018-2023[6].

These ripples indicate that something significant is stirring beneath the waters of the enterprise IT market. It’s my strong belief that we’ve reached a tipping point and that in a few years we will see passwords fall out of use in enterprises.

Don’t leap into the unknown

However, I’m aware that for most of the people I speak to on a daily basis – the IT Managers, Security Managers and CISOs – Advanced Authentication isn’t really on their radar. What they want is a simple and practical way to secure their systems and safeguard their data, and one of the major obstacles in their way is poor password management.

However, asking IT to switch from using passwords to an Advanced or Multi-Factor Authentication solution that doesn’t include passwords is often a step too far. While most love the idea of a password-free world, it remains a leap into the unknown and one that many are unwilling to make. If we’re to ensure that the transition to a post-password enterprise happens at a good pace, it’s therefore incumbent on us as an industry to help educate IT teams and their stakeholders and put in place clear roadmaps and transitory solutions.

The Cisco deal along with other sparks of activity on the market are shining a light on how things could look in a password-free world. Our aim is to blow these embers into life by helping organisations get there one step at a time.

 

[1] Computer Weekly, Business cybercrime up 63%, UK stats show, January 2018

[2] Verizon, 2017 Data Breach Investigations Report, 2017

[3] Cnet, Gates Predicts Death of Passwords, 2014

[4] TechCrunch, Cisco is buying Duo Security for $2.53B in cash, August 2018

[5] Digital Journal, Advanced Authentication Market Growth to Be Gigantic in Next Four Years Up to 9.65% CAGR in Public Sector Enterprises, August 2018

[6] Cision, Global Advanced Authentication Market in the Healthcare Industry (2018-2023), August 2018