+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Most IT professionals want to replace passwords with something better, but the industry can't agree on what that is

Feb 21, 2020, 01:02 IST
  • Passwords are cumbersome, ineffective, and involved in 80% of hacking data breaches - but they are deeply entrenched in our personal and work cultures.
  • New research shows companies are working to get rid of passwords entirely, while new AI technologies can now authenticate identities by voice patterns or even how you text.
  • Next week 45,000 cybersecurity professionals convene in San Francisco to show off the latest tech vying to replace passwords - but can the security industry find consensus on universal solutions?
  • Visit Business Insider's homepage for more stories.

Everyone seems to hate passwords. They're hard to remember, a hassle to reset - and they don't work. Around 80% of hacking-related breaches each year involve stolen or weak passwords, Verizon's Data Breach Investigations Report has found.

Advertisement

New research, tech, and alliances suggest we may finally be making progress in getting rid of them. In a new survey of 2,500 IT professionals - who often oversee companies' new security approaches - two-thirds say their companies will adopt passwordless authentication for employees and customers.

And last week Apple joined the FIDO Alliance, an association advocating new authentication standards to help reduce reliance on passwords. Microsoft, Google, Intel, and other big companies are already FIDO members, and Apple was seen by some as a holdout. Microsoft, too, has said that it's working to kill off passwords, at least for internal use.

Passwords are also under scrutiny as 45,000 cybersecurity workers convene in San Francisco next week for the RSA Conference, where "The Human Element" is the theme, and dozens of talks and sessions will discuss identity authentication - with methods besides remembered passwords.

"Passwords are for tree houses," says legendary social engineering hacker Frank Abagnale, famed as the subject of the movie "Catch Me If You Can," who will speak at the conference on the link between passwords and terrorism. Abagnale is an evangelist for Trusona, a startup that produces software for large enterprises - including Aetna and Nippon Telegraph and Telephone - to build passwordless authentication for their users.

Advertisement

Another company bringing new password-killing methods to RSA is Nuance, which makes enterprise software that uses conversational artificial intelligence to prevent financial fraud. The company's biometrics can identify and verify customers on the phone based on patterns of speech, vocabulary - even how someone taps on a phone when they text.

Despite all the research and tech being employed to dump passwords, we still have a long way to go. Forty-two percent of the same IT pros who say their companies will dump passwords say some users in their companies still use sticky notes to keep track of them, according to a Ponemon Institute survey sponsored by Yubico, a Silicon Valley provider of hardware authentication security keys.

Why has it been so hard to get from sticky notes to passwordless authentication? Passwords are entrenched, and while alternatives are popping up everywhere, consensus is slow to gel.

"Passwords have long been the de facto standard for protecting sensitive data," says Steve Povolny, head of advanced threat research for the cybersecurity firm McAfee. "These days, there are many options that could take the place of the password, and in several instances, already have."

But many options combined with technical limitations make a unified solution difficult.

Advertisement

A December report from analyst firm Gartner found that the many options for doing away with passwords may be a key part of the challenge.

"There are many ways to eliminate passwords, improving the user/customer experience and/or enhancing security; however, technological constraints make a universal approach elusive. Security and risk management leaders…need a cohesive strategy across key use cases," the report said.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article