SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Five reasons to kill off passwords as we know them
Thu, 3rd May 2018
FYI, this story is more than a year old

Centrify, a provider of Zero Trust Security are calling for the end of password protection.

World Password Day turns up annually on the first Thursday of May, as a day to promote good security hygiene and password habits.

However, Centrify, a cybersecurity company whose products are used by more than half the Fortune 100 organisations in the US, warns people that passwords provide a false sense of security.

Centrify senior director APAC sales Niall King said passwords fail to protect online resources.

King states, “The bottom line is that passwords are not doing the job they're intended for.

“There's ample evidence to support this fact, such as the 2017 Verizon Data Breach Investigations Report (DBIR) which states that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. “

“So rather than celebrate World Password Day, we should treat it like an overly complicated password and just forget it, for five simple reasons.

1. Passwords do not protect online assets

As demonstrated by the Verizon DBIR findings, passwords are a big part of the problem, not the solution for security.

Relying on passwords alone to protect online identity and assets is like trying to ward off a rainstorm with a sheet of paper, it's just not up to the task.

2. People are really bad at choosing passwords

Most people are poor at recalling complexity, so, as a result, users tend to choose dumb passwords that are easy to remember.

3. People don't keep their passwords secure

Even if users are one of those rare people who creates a complex string of random characters that are at least eight characters long, with upper and lower case letters, numbers and special characters, you have likely recorded it somewhere, such as a sticky note next to your monitor or in a Word or Excel file on your hard drive, which makes it as secure as a house key hidden under the welcome mat.

4. People use the same password for multiple websites

Because strong passwords are hard to recall, we may remember one and use it repeatedly.

The problem is that this approach to security is like the domino effect: Once one falls, they all go down.

5. There are many more secure ways to protect yourself than passwords

You probably already use some of them, such as two-factor authentication.

Another example is biometric identification, like the thumbprint that gives you access to your smartphone and authenticates your identity when you use your phone to make purchases.

King concludes, “Let's stop making it easy for attackers to steal our data.

“Instead of celebrating passwords, we should ditch them in favour new tools like two-factor authentication to better protect our online selves. It's time to kill the password."