More

    Death of the Password: Long Live the Password

    For years, cybersecurity experts have been predicting the death of the password. However, complex passwords will likely still have a vital role in infosecurity for the time being.

    For starters, complex passwords are cost-effective ways to protect sensitive information and IT infrastructures. As such, quick and easy password management is a process IT teams have perfected.

    And due to the larger acceptance of passwords as a security list checkmark, many organizations lack the basic IT foundations to implement passwordless solutions like biometrics or zero-trust architecture (ZTA).

    Moreover, as workforce burnout and the Great Resignation continue to push organizations to divert IT resources that could focus on aspirational projects, passwords are an understated simplicity that doesn’t shift the status quo too fast.

    According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021, exceeded the total number of events in 2020. The rise of cyberattacks across industries reaffirms the need to have security measures that employees are comfortable with and are seemingly safer than implementing a new technology.

    Implementing new technology too fast can leave security gaps open for bad actors while users are educated on using the new tech.

    Also read: Best Cybersecurity Training & Courses for Employees 2022

    Barriers to a Passwordless Future

    Hybrid work accelerated enterprise adoption of ZTA and the cybersecurity mesh, which according to Gartner, enables the decentralized enterprise to deploy and extend security where it’s needed most. These approaches to cybersecurity require security solutions that are flexible, agile, scalable, and composable and can control access at each point of entry, for each device, and each user.

    The deployment of this strategy is still relatively new, though. And, while it is quickly moving from research to broader business application, there are still a lot of questions on what the right roadmap is to start building a ZTA ecosystem.

    Security Limitations of Passwords

    Despite the yearly increase in cyberattacks, the solution is the same: Enterprises usually need complex, strong passwords (16+ characters) to prevent unauthorized system entry. There’s no doubt that firewalls help prevent unauthorized access, but firewalls alone are not enough to protect 21st-century IT networks.

    Many organizations have several applications and devices employees use daily. In addition to all these apps and devices, organizations usually want unique, individual passwords for them, ultimately contributing to password fatigue for employees.

    However, the issue with passwords is people. Employees prefer convenience to security—a concept called security friction. And in industries where system access is needed quickly, like healthcare, critical infrastructure, and even customer service, security is often equated with frustration, being seen as technology getting in the way of getting the job done.

    Simplify Complexity

    There are ways to implement complex passwords and remove complexity for employees. IT teams need to balance security and workflow efficiency that enables strong password policies across all workflows, endpoints, and applications, but with minimal disruption to the end-users. The path forward is through a security strategy that focuses on unified security and efficiency for managing digital identities across complex ecosystems.

    For example, enterprise single sign-on (SSO) can eliminate the need for employees to manually enter usernames and passwords for all of their applications and devices. Passwords can be as complex as needed, but employees only need to tap a badge or sign in to workstations and applications once.

    But passwords continue to be the primary way hackers gain access to sensitive information, even if they’re strong passwords and even with SSO. Because of this, it’s important to augment complex password policies with multi-factor authentication (MFA).

    MFA offers a simple yet secure way to validate users’ identities, sometimes without needing a password, via several modes of authentication, such as providing a pin, token, or biometric scan.

    Easing Employee Password Pains 

    As the security landscape evolves, including increasing virtual interactions, attackers can stress test a larger network of endpoints for unauthorized system access. But establishing a culture of privacy, trust, and compliance, organizations can feel better about their cybersecurity measures.

    Organizations can ease password pains by eliminating security friction, integrating compliance and security steps into employees’ workflows, supplementing complex password policies with MFA, and making security “invisible” to the employee with security enhancements like SSO.

    Moving Toward Passwordless Authentication

    As we look toward the new passwordless authentication era, enterprises have to remember that cybersecurity strategies that incorporate MFA and SSO with digital identity at their core are key pillars to make this change easier for employees.

    Passwords have long plagued organizations as a weak  link in security. Employees will often reuse passwords across multiple systems, or they forget their passwords or write them down, which increases how easily they can be compromised. Therefore, enterprises should look to create a work environment where password management is a nearly invisible step that no longer fatigues employees and eases their password pains.

    Read next: Cybersecurity Awareness for Employees: Best Practices

    Wes Wright
    Wes Wrighthttps://www.imprivata.com/
    Wes Wright is the Chief Technology Officer at Imprivata, the digital identity company for healthcare and beyond. He brings more than 20 years of experience with healthcare providers, IT leadership and security. Prior to joining Imprivata, Wes was the CTO at Sutter Health, where he was responsible for technical services strategies and operational activities for the 26-hospital system. He was also SVP CIO at Seattle Children’s Hospital and served as Chief of Staff for a three-star general in the US Air Force. Wright holds a B.S. in Business and Management from the University of Maryland and received his MBA from The University of New Mexico. He’s also a member of the CHIME & AEHIT Virtual Health Policy Workgroup.

    Latest Articles