The growth of our digital footprints has resulted in concerns about online identity security. Traditional passwords systems have become outdated, creating fertile ground for increasingly sophisticated cyber threats. On this Change Your Password Day, we should not only change our passwords but also investigate the very essence of digital security.
Just think of how annoying it is to see ‘Login Failed.’ It is a message many people have seen too often and shows the system does not meet the needs for modern security. People not wanting too many passwords is the cause of some of the biggest security breaches to date, and change must happen.
Protecting users in the present
When looking at protecting themselves, organisations need to ensure they are acting in the here and now. Adam Marrè from Arctic Wolf who serves as Chief Information Security Officer highlights that while “passwords are the lifeblood of our online persona; we need to take them seriously to protect ourselves from the threat of cybercrime.” He highly recommends organisations have strong password management practices, including regular updates to passwords and ensuring they “don’t consist of words or phrases that can be associated directly with you, your interests or family.”
At the same time Marrè observes that, while people should use unique passwords for every account, “we must turn on two-factor authentication if it’s available.” He adds, “with so many passwords to keep track of, password discipline is difficult.”
David Warburton, Director, F5 Labs agrees with this advice, but with the caveat that, “while multi-factor authentication is still strongly recommended wherever possible, the vast number of tricks attackers have at their disposal means it is far from the unbreakable security control it was once was.” He states businesses need, “solutions that directly disrupt attacker ROI and that can curate and analyse network, device, and environmental telemetry signals across data centres, clouds, and architectures. By modelling threat intelligence across similar attack profiles and risk surfaces, affected organisations can autonomously deploy appropriate countermeasures.”
Our present security practices conceal more danger than meets the eye according to Andy Thompson, Offensive Research Evangelist at CyberArk Labs. “Simply putting strong passwords in place is no longer good enough. In fact, no matter how strong your password is, if a threat actor gets a hold of a cookie, none of it matters,” he explains. “Instead, we need a mechanism that mandates users to frequently change their credentials. And, each time, this mechanism must require strong, unique passwords, not iterative Password1, Password2 changes.”
Paul Anderson, VP UK & Ireland at Fortinet, concludes, “no single organisation can combat cybercrime alone, even with the most effective technologies and skilled security professionals in place. Having strong passwords is a way to prevent threats from entering networks, while regularly changing passwords to ensure data is protected demonstrates how everyone in a business has a part to play to maintain security.”
The future of passwordless
While protecting ourselves in the here and now is vital, organisations also need to look to the future. But what does that future look like? According to Ping Identity’s General Manager, EMEA, Paul Inglis, with backing from industry giants like Google and Amazon, “the momentum behind passwordless authentication is undeniable and many enterprise organisations are already on this digital transformation journey.”
Frederik Mennes, Director Product Management & Business Strategy at OneSpan, adds, “Upholding the integrity of your digital identity should be a top priority. This starts with passwordless protection which emerges as a viable alternative for securing critical systems that store sensitive data, providing defence against evolving threats by eliminating vulnerabilities associated with traditional passwords.”
A beacon of hope, according to Inglis, passwordless authentication is, “a paradigm shift to enhance security and user convenience significantly.” With Ping Identity research revealing that 59% of UK consumers would switch to a different brand or service that offered them passwordless as a means of logging in. According to Inglis, “this change will fundamentally reduce fraud and give consumers more security to freely navigate the digital world without fear of scams.”
The transition to passwordless then, is not just about throwing away passwords; rather it is a transformative step towards secure, open-ended and low-friction digital identity.
Final thoughts
Digital security has reached a tipping point this Change Your Password Day. Passwordless authentication provides a sneak preview on what secure future digital identities will look like and, although the adoption of passwordless technologies is still in its infancy, it’s indicative of changing perceptions about what it means to be safe in an increasingly web-based environment.
In conclusion, Change Your Password Day must be more than a cursory nod to security – it must be a clarion call for systemic change. As we await further contributions from industry experts, let us pivot towards embracing these emerging technologies, all the while maintaining vigilant, robust security practices. This is not just a step but a leap towards a future where our digital lives are as protected as they are connected – a future where our security is not just reactive, but proactive, comprehensive, and deeply integrated into the fabric of our digital existence.
