World Password Day is an annual event celebrated on the first Thursday of May to raise awareness about the significance of strong and secure passwords. With the increasing number of cyber-attacks and data breaches, it is more necessary than ever to protect our online identities.
Passwords have been around for decades, evolving from basic words and phrases to complicated combinations of letters, numbers, and symbols. They have become more sophisticated over the years, yet they remain one of the weakest links in online security.
Despite this evolution, passwords remain vulnerable to cyberattacks such as brute force, dictionary, and phishing attempts. Many organisations have put in place password policies to stop these attacks, including complexity requirements and mandated password changes. Although these policies offer some protection, they are not foolproof.
Passwordless authentication
Many organisations are exploring passwordless authentication methods, such as biometrics and multi-factor authentication, to improve password security. Biometric authentication, which includes facial recognition and fingerprint scanning, is a more secure and convenient method of user authentication. Multi-factor authentication provides an extra degree of protection to password-based authentication by requiring users to produce two or more pieces of evidence to validate their identity.
Passwordless authentication systems, on the other hand, are not the ultimate solution and present their own set of challenges in the age of fast-evolving artificial intelligence (AI)-based cyberattacks. For instance, biometric authentication can be spoofed or compromised with publicly available biometric information. Multi-factor authentication can also be vulnerable to social engineering attacks, in which an attacker tricks the victim into disclosing their credentials.
Multi-pronged approach to identity management
According to Chern-Yue Boey, Senior Vice President, Asia-Pacific, SailPoint, overcoming these difficulties would require a multi-pronged strategy that combines passwordless authentication methods with automated identity management systems. This will improve organisational security by ensuring that the appropriate level of access is assigned to the relevant persons via a single digital identity.
Automated identity management solutions can assist organisations in more efficiently managing user identities and access permissions, decreasing the risk of human error and boosting security.
“While passwords can be a gateway that is exploited, malicious actors often weasel their way through business systems that do not have privileged access practices. This is especially critical today, given that organisations are more reliant than ever on third-party vendors and non-employees for contingency labour.
By controlling the level of access that employees and non-employees alike have, businesses can then nip illegitimate attempts to access privileged information or systems in the bud – having visibility across their organisation, and therefore first-knowledge of irregular activity,” Chern-Yue Boey commented.
He added that ultimately, businesses are set to manage an explosive growth in digital identities, catalysed by increasing reliance on Internet of Things (IoT) and Robotic Process Automation (RPA) technologies, as well as growing digital work environments.
With that, moving towards a passwordless future is only one element of the puzzle. Identity management must be included in the mix for businesses to truly strengthen their entire cybersecurity postures and prevent password-related threats.