Despite claims to the contrary, the password isn’t dead yet. Help Net Security points out new research from SecureAuth that documents how dependent many firms are on passwords. In fact, the research found that 40% of IT decision-makers admit that passwords are their only IT security measure. The IT leaders also believe it will take 5 years to see a significant shift in organizations’ reliance on passwords. The author says this is a worrying revelation, considering how many security breaches are the result of compromised credentials.
The researchers found that the entertainment, hospitality, and leisure industry is taking the most risks with its data as 65% of respondents from this sector admit their organizations only use passwords as a security method. (rb- No wonder they keep getting hacked!)
The author claims that SeaureAuth found that 45% of public sector organizations only use passwords. (rb- Another reason to limit how much data they collect on citizens)
Despite companies relying on passwords alone, the survey revealed that 63% of respondents believe their current authentication methods are effectively protecting valuable assets. The survey also revealed that firms worry about protecting different resources:
29% say protecting the company’s VPN is critical- 28% believe protecting on-premise applications is a top priority
- 20% stated protecting Cloud and SaaS is the most important, and
- 18% said mobile takes precedence.
Nick Mansour, Executive Vice President of Worldwide Sales at SecureAuth explained,
As the skills of hackers continue to evolve, organizations are going to have to wise up to new methods of information access security, such as adaptive authentication which can leverage real-time threat intelligence, biometrics and even behavioral analysis.
Frighteningly only 44% of SecureAuth respondents have plans to change or enhance their security model in the next two years. The forthcoming Microsoft Windows 10 can help firms evolve their authentication processes. Help Net Security reports that Windows 10, includes a new feature called Windows Hello. Windows Hello will allow users to authenticate themselves using biometrics. The SecureAuth study reports that only 28% of IT decision makers believe that businesses will biometrics in 5 years’ time.
The article reports that Microsoft (MSFT) considers Windows Hello authentication more secure than using passwords – so secure, in fact, that it can be used in government organizations, the defense, financial, and health care industry. Microsoft’s Joe Belfiore wrote
Our system enables you to authenticate applications, enterprise content, and even certain online experiences without a password being stored on your device or in a network server at all
Mr. Belifore says Windows Hello will work with existing fingerprint readers. Windows Hello will also work with facial or iris detection by combining special hardware and software; “The cameras use infrared technology to identify your face or iris and can recognize you in a variety of lighting conditions.”
Mr. Belfiore also introduced Windows Passport, a programming system that can be used to provide a more secure way of letting you sign in to sites or apps. The article explains that unlike with passwords, with which you authenticate yourself to apps, sites, and networks, Passport allows Windows 10 to do that in your stead: again, without sending up a password to their servers. Mr. Belfiore says:
Windows 10 will ask you to verify that you have possession of your device before it authenticates on your behalf, with a PIN or Windows Hello on devices with biometric sensors. Once authenticated with ‘Passport’, you will be able to instantly access a growing set of websites and services across a range of industries
rb-
Couldn’t Redmond pick a name other than Passport? Reminds me of the Hotmail days.
There is of course the age-old problem of what to do if your biometric signature is stolen. You can easily change your iris with a sharp stick, but that does not seem very efficient.
What do you think?
Loading ...
Related articles
- Second factor authentication can help prevent security breaches (cloudentr.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.