Should passwords be a thing of the past?
Despite services like LastPass and browser autocomplete functions making password management easier than ever, passwords continue to be among the weakest links in enterprise security.
Rather than run yet another campaign asking people to come up with stronger passwords, some experts suggest that we be rid of our alphanumeric secrets forever.
A group of ten CISOs are predicting that enterprises may soon move to multifactor authentication, or even deprecate passwords altogether.
“Despite industry-wide efforts to reinforce this method of authentication and the number of methods available to encrypt and store passwords … creating good passwords – and safeguarding them – is as difficult as rocket science,” Nikk Gilbert, director of global information protection and assurance at ConocoPhillips, a Texas-based energy company, said in a statement.
Instead, the group said, enterprises will make use of newer technologies such as biometrics.
Yet the CISOs caution that a single authenticator may not be enough at this point, since no single measure is hack-proof.
Overall, the industry is moving towards an identity-based authentication method as opposed to a credentials-based one, according to Frank Bradshaw, CISO at Valley Health. Other technologies employed could include adaptive, cognitive and behavioural techniques.
Other CISOs involved included Chris Bullock of Aaron’s, Inc., Jonathan Chow of Live Nation Entertainment, Michael Dent of Fairfax County Government, John Masserini of MIAX Options, Pritesh Parekh of Zuora, Jim Routh of Aetna, Hussein Syed of Barnabas Health, and Christine Vanderpool of Molson Coors.