As we approach World Password Day, it will be interesting to see how attitudes to authentication have, should and will change in the context of today’s global situation. There is no doubt that the spectre of Covid-19 will change the future of work as we know it, and we must ensure that security is at the forefront of that change.
The idea of World Password Day is to encourage us to consider and improve our overall password practices. Last year some people called for its demise due to our collective increase in security literacy – but it is back again this year and as relevant as ever. Earlier this year, Ponemon Institute found that UK IT professionals reuse their passwords across an average of ten personal accounts, while 39 percent of individuals and 58 percent of IT professionals have also done this across workplace accounts. The same study found that a majority of respondents would prefer a method of protecting accounts that doesn’t involve passwords, and more than two thirds of those believed the use of biometrics would increase the security of their organisation. Just over half said that a hardware token would offer better security.
“With our improved security awareness, some hoped last year’s World Password Day would be the last – but the reality is, we still have a long way to go,” said Nic Sarginson Senior Solutions Engineer UKI&RSA at Yubico, the leading provider of hardware authentication security keys. “Risky password and authentication practices are still rife in our professional and personal lives.”
The conclusion of the Ponemon Institute study was that in businesses worldwide, expectation and reality are often misaligned when it comes to the implementation of usable and desirable security solutions. The tools and processes that organisations put in place are not widely adopted by employees or customers, making it abundantly clear that new technologies are needed for enterprises and individuals to reach a safer future together.
“These security gaps point to the urgent need for additional layers of authentication tools – but to be successful, they must also be convenient,” continued Sarginson. “Security keys are a great example of this. They deliver phishing-resistant two-factor authentication (2FA) and a higher level of security than memorable words or SMS one-time passwords (OTPs). Requiring employees to authenticate using a device – in addition to log-on credentials – will better protect networks, applications and data in the long run.”
Whenever organisations consider alternative forms of authentication, it must be remembered that people do not want to be burdened with security — it has to be convenient, user-friendly and simple. For years, it has seemed impossible to strike a balance between high security and usability, but new authentication technologies are finally bridging the gap. With the availability of passwordless login and security keys, businesses have viable options to improve their security profile.
“Gartner predicts most enterprises will implement passwordless methods in over 50 percent of use cases by 2022. However, with the majority of people currently working remotely, there is a real possibility that COVID-19 could accelerate this passwordless adoption. If that’s the case, security must absolutely be at the forefront of this change,” concludes Sarginson.