
Five reasons to kill off passwords as we know them

Centrify, a provider of Zero Trust Security, is calling for the end of password protection.

World Password Day turns up annually on the first Thursday of May, as a day to promote good security hygiene and password habits.

However, Centrify, a cybersecurity company whose products are used by more than half the Fortune 100 organisations in the US, warns people that passwords provide a false sense of security.

Centrify senior director APAC sales Niall King said passwords fail to protect online resources. 

King states, “The bottom line is that passwords are not doing the job they’re intended for.

“There’s ample evidence to support this fact, such as the 2017 Verizon Data Breach Investigations Report (DBIR) which states that 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

“So rather than celebrate World Password Day, we should treat it like an overly complicated password and just forget it, for five simple reasons.”

1. Passwords do not protect online assets

As demonstrated by the Verizon DBIR findings, passwords are a big part of the problem, not the solution for security. 

Relying on passwords alone to protect online identity and assets is like trying to ward off a rainstorm with a sheet of paper: it’s just not up to the task.

2. People are really bad at choosing passwords

Most people are poor at recalling complexity, so users tend to choose dumb passwords that are easy to remember.

3. People don’t keep their passwords secure

Even if you are one of those rare people who creates a complex string of random characters that is at least eight characters long, with upper and lower case letters, numbers and special characters, you have likely recorded it somewhere, such as a sticky note next to your monitor or in a Word or Excel file on your hard drive, which makes it as secure as a house key hidden under the welcome mat.

4. People use the same password for multiple websites

Because strong passwords are hard to recall, we may remember one and use it repeatedly. 

The problem is that this approach to security is like the domino effect: Once one falls, they all go down.

5. There are many more secure ways to protect yourself than passwords

You probably already use some of them, such as two-factor authentication.

Another example is biometric identification, like the thumbprint that gives you access to your smartphone and authenticates your identity when you use your phone to make purchases.

King concludes, “Let’s stop making it easy for attackers to steal our data.

“Instead of celebrating passwords, we should ditch them in favour of new tools like two-factor authentication to better protect our online selves. It’s time to kill the password.”
