Forget your passwords. They’re ancient history. That’s the message you’ll increasingly see if you keep up with the latest developments in security.
But what is the real impact of innovations like biometrics on the old-fashioned password? Are we really heading to a biometrics-led future and, if so, why should anyone be investing in better password and privileged account security now?
The answer is in the fundamentals of best practice around IT security: multi-layered protection that removes any single point of weakness.
At the end of 2015, 650 million people used biometrics on their smartphones, using technologies like Apple’s Touch ID. By 2020, smartphones alone are expected to account for 2 billion biometrics users.
It’s not just consumer products. According to BetaNews, 20% of global enterprises have already deployed biometrics – and, as the technology continues to mature, this looks set to grow.
The vision of our biometrics-led future is breathtaking. Every user carries their means of authentication with them at every living moment – from their eyes to their fingerprints – and verifies their identity with a simple touch or glance. It’s faster and easier than any password could ever be.
But is it really more secure? Hackers have already reverse-engineered fingerprints of high-profile figures like the German defence minister. Meanwhile, Samsung’s face-scanning technology can’t be used to authenticate Samsung Pay purchases – hardly a sign of robust security.
While biometrics are becoming more sophisticated, the reality is that the technology has a long way to go. And, in the event of a breach, a fingerprint or iris is a lot harder to change than a password.
Innovative new security measures will undoubtedly affect the way we do business and play a key role in making data more secure. But, alongside these new technologies, passwords are still likely to play a significant part in security.
By definition, two-factor authentication – considered a vital evolution in the way we secure data – requires two factors to authenticate. Even as one of those factors becomes a fingerprint, an iris, or a machine using the Internet of Things, passwords will remain a familiar, largely unique, and easy-to-rotate variable.
The best security is about layers, not replacing one effective form of protection with another. Innovation isn’t exciting because we can say goodbye to our existing layers of protection – it’s exciting because it adds yet another obstacle for attackers to penetrate before they reach the data that matters.
Passwords aren’t inherently insecure – but the way many enterprises use and manage their passwords is. That’s why, as we embrace new technology to complement password management, we all need to take the opportunity to make sure we’re getting the basics right.
Bringing your passwords and privileged accounts under your control starts simple: list them and check their complexity. Across your shared logins, service accounts, default accounts and passwords held by machines, auditing your passwords is a vital first step in improving your security.
To help you get started, Privileged Account Management specialists Thycotic have put together a free tool to scan Active Directory and find weak passwords.