iTSC IT Managed Services


Posted by Michelle Richard on Dec 8, 2016 12:01:21 PM

No more passwords in 2017?

Yahoo!’s disclosure that hackers might have vacuumed up the passwords of as many as half a billion users lit the floodlights on two gaping issues in IT:

  1. Passwords run out of steam well before they cross the goal line of today’s security needs
  2. Sometimes you don’t even know they’re gone, which means you’re vulnerable without realizing it

Wakefield Research recently surveyed IT decision makers and found out that 69% will probably do away with passwords completely in the next five years.

The finding of the report wasn’t surprising, nor were the insights that IT professionals are despairing of evergreen problems:

  • Users “securing” their accounts with passwords a child could guess, let alone a script kiddie driving any of a dozen tools available for free download
  • Users recycling the same password for different accounts, so that one crack exposes many systems. It’s especially galling for IT when the breach of its system results from the breakdown of a system beyond its control, such as all the systems now at risk because Yahoo! customers used the same password for Yahoo! as for their work access.

Alternatives to passwords

Options that solve both these problems are maturing. They typically involve mixing methods like:

  • Two-factor authentication involving single-use pass codes pinged to the user’s mobile phone or emailed to them
  • Biometrics—commonly fingerprint, eye, or voice scanning
  • Behavior—recognizing a user’s signature behavior, such as:
    • Considering the time and place a user is requesting access and deciding if it’s in keeping with that person’s usual behavior
    • Looking at the way the user is handling the device—mouse movement and keystrokes—sniffing out atypical behavior
  • Device-specific lockdown—only allowing access to certain systems by particular devices assigned to individual owners

Combinations of these are most useful. It’s easy to see, for instance, that a device that has never been used to access a system at 11 pm, let alone from a city other than HQ, should be locked out.
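The combination described above can be expressed as a small context check. This is an added example, not code from iTSC or from any product named in the post; the `Login` record, the sample history, the one-hour tolerance and the allow/step-up/deny thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    device_id: str
    hour: int  # local hour of day, 0-23
    city: str

# Constructed sample history (not real data): past successful logins.
HISTORY = [
    Login("alice", "laptop-01", 9, "HQ"),
    Login("alice", "laptop-01", 14, "HQ"),
    Login("alice", "phone-07", 18, "HQ"),
]

def build_baseline(history):
    """Collect, per user, the devices, hours and cities seen before."""
    base = defaultdict(lambda: {"devices": set(), "hours": set(), "cities": set()})
    for h in history:
        base[h.user]["devices"].add(h.device_id)
        base[h.user]["hours"].add(h.hour)
        base[h.user]["cities"].add(h.city)
    return base

def anomalies(req, baseline, hour_slack=1):
    """Signals in which the request departs from the user's baseline."""
    b = baseline.get(req.user)
    if b is None:  # no history: every signal is unfamiliar
        return ["device", "time", "place"]
    out = []
    if req.device_id not in b["devices"]:
        out.append("device")
    # Circular distance, so 23:00 and 00:00 are one hour apart.
    if all(min(abs(req.hour - h), 24 - abs(req.hour - h)) > hour_slack for h in b["hours"]):
        out.append("time")
    if req.city not in b["cities"]:
        out.append("place")
    return out

def decide(req, baseline):
    """Assumed policy: 0 anomalies allow, 1 step-up (second factor), 2+ deny."""
    n = len(anomalies(req, baseline))
    if n == 0:
        return "allow"
    return "step_up" if n == 1 else "deny"
```

A single unfamiliar signal triggers a second factor rather than a lockout, which limits the disruption to users' routines that the survey respondents were worried about.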

Self-aware users

Wakefield Research found the biggest obstacle to scrapping standalone passwords was the belief by 42% of respondents that they’d get pushback because of “disruption to users' daily routine.”

A choice that taps into something enjoyed by many might be the answer—the selfie.

Uber is periodically asking its drivers to snap a selfie before accepting ride requests. It runs the selfie through an algorithm to match it against the one on file.

Similarly, MasterCard in Europe is asking online shoppers to authenticate themselves with a selfie.

The technology isn’t as mature as some other options—but the selfie of today might yet have its way as the future of security.

Topics: Technical Consulting, IT Security

