You’ve heard it countless times; “The password is dead!” However, just because people claim that the password is no longer effective, doesn’t mean that it doesn’t currently have its uses. Passwords might be on their way out, but you can learn a lot about network security by looking at how they have been used, and where the future of authentication for enterprises will move to in the future.
The History of the Password
Passwords have been in use for far longer than most people would initially think. Since ancient times, “passwords” have been used to protect secret information. Some of the most notable uses were in regard to military strategies, with the use of so-called “watchwords” dating back to the ancient Roman empire. Another example is the use of secret codes during World War II, in which a password was meant to be responded to with a secondary credential (sort of like modern two-factor authentication).
In computing, passwords have been in use since the first computer. MIT’s CTSS from 1961 was one of the first to implement the LOGIN feature, which required that the user input a password to gain access to the device. Robert Morris furthered this concept by creating a system that saved login passwords in the Unix operating system in the 1970s. Today, passwords are still important parts of keeping data secure, and are found in all sorts of areas, including online accounts, local login credentials for both private networks and specific devices, and much more.
Common Problems with Traditional Passwords
Passwords are commonplace in the enterprise environment, but this doesn’t change the fact that they are often problematic for organizations that want to take network security seriously. Since passwords are created by users, they will attempt to make them easy to remember. This naturally leads to passwords also being easier to guess by hackers and identity thieves. Passwords need to be complex, but when they are long and include different letters, numbers, and symbols, they become trickier to remember.
Even if a password is complex, it can easily be cracked thanks to the advanced tools in use by hackers even today. Furthermore, passwords are often only effective when used alongside secondary credentials. You know of this tactic as two-factor authentication. A code is sent to a secondary device or email address, which is then used in conjunction with a password to unlock an account and allow access to the user.
Password Managers Resolve These Issues to an Extent
Developers have sought to find solutions to these issues, and they have found it in password managers. In a sense, password managers are one of the better ways to handle the shortcomings of traditional passwords. Here are five features that enterprises need for their password management solution:
- Monitor where and how your passwords are being used, and by whom
- A built-in security checker which helps users create strong passwords
- Encrypted space for storing passwords
- Deployment across a variety of platforms
- Password sharing between various departments and users
The Current State of Enterprise Authentication
While passwords can be made more effective through the use of password managers, this hasn’t stopped technology professionals from looking beyond them toward better, more secure ways to protect sensitive information. In a sense, the movement away from passwords has already begun through the use of key cards and wireless technology like wristbands. However, these are still a major problem, as someone could easily just misplace their card or lose their wristband. The solution, therefore, is something that’s always with you: your body itself.
Most of the conversation about authentication and security has been in regard to biometrics. After all, why rely on your users to create special credentials for themselves when you can instead rely on something that they already have on their person at all times, and something that can’t possibly be replicated by a hacker? This added convenience, as well as practically unreplicatable security, is one of the biggest reasons why biometrics are being talked about as a potentially game-changing security benefit in the enterprise environment.
The Future of Biometrics in the Enterprise Environment
Biometrics are being shown to have value for multiple different purposes, and it’s thought that the role biometric technology plays in the future will only evolve. Think about a world where instead of plugging in your PIN into an ATM, all you have to do is hold a finger up to a scanner or let a machine read your iris. Biometrics can potentially aid in all sorts of environments, such as aiding in workforce management, deploying healthcare services, handling government services, and so much more. It’s likely that your network security could very soon be added to this list.
In particular, your enterprise could take advantage of single sign-on biometrics to allow for easier access to information and data. The main benefit of this is that instead of relying on what the user knows–the password, which could be obtained from anywhere–the system relies instead on who is trying to access it. Thus, biometrics make identification infinitely more manageable and secure.
How is your enterprise taking advantage of biometric technology to secure important data and assets? Let us know in the comments.