Passwords: they can be tricky at the best of times. Proper password hygiene is one of the most important factors in endpoint security, as it keeps sensitive data secure and prevents threat actors from getting into important systems.
But despite the risks, the use of weak or recycled passwords continues to be a problem even amongst IT professionals. While systems such as two factor authentication have been used as an extra layer of security, groups like the FIDO Alliance and World Wide Web Consortium have been working to make passwords a thing of the past, in favour of more secure methods.
This week, we spoke to Richard Meeus, EMEA director of security & technology strategy for Akamai Technologies, to explore the solutions driving secure sign ons, and how the sector can adapt to this change.
Highlights
“The criminals know that we are bad with passwords, and we just use something like our pet's name or something like that. And it's relatively easy for people to get the passwords or, as most commonly happens, an organisation will be breached and their password and username database will be leaked out onto the internet. And then, those usernames and passwords are reused against websites all over the planet.”
“The concept of security authentication has always been based around, sort of, one of three concepts. So there's something you know, which is a password, something you are, which is your biometric. So use your face print or your thumbprint, or something like that. Or something you have, which could be a USB token, or something that you can punch numbers into as a handheld device. So one of those three things, and we've relied upon the something you know, predominantly, which is the password.”
“Anything that we can do within security that actually makes lives easier for end users, and makes them more secure, is a good thing. And reducing passwords, reducing the use of passwords is a good thing, because nobody likes them.”
Read the full transcript here.
Footnotes
- Revealed: The top 200 most common passwords of 2022
- If not passwords then what?
- What are biometrics?
- What is two-factor authentication?
- What is multi-factor authentication (MFA) fatigue and how do you defend against attacks?
- How to implement passwordless authentication
- Best password managers
- Best free password managers
- The sooner the FIDO Alliance can shut down passwords, the better
- Will FIDO passwordless authentication save cyber security?
- The top 12 password-cracking techniques used by hackers
Subscribe
-
Why are many men in tech blind to the gender divide?In-depth From bias to better recognition, male allies in tech must challenge the status quo to advance gender equality
-
BenQ PD3226G monitor reviewReviews This 32-inch monitor aims to provide the best of all possible worlds – 4K resolution, 144Hz refresh rate and pro-class color accuracy – and it mostly succeeds
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
Supply chain scares and Google’s AI codeITPro Podcast As the ransomware attack on Blue Yonder disrupts a wide range of firms, Google moves to lead by example on internal AI code
-
Halloween special: Cybersecurity horror storiesPodcast Join us for three terrifying tales sure to chill any IT professional to the core
-
Modern enterprise cybersecuritywhitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainabilitywhitepaper CIOs are facing two conflicting strategic imperatives
-
Securing your business with education and trainingITPro Podcast Keeping your workforce updated on the latest threats requires a cohesive cyber skills strategy
-
Cracking open insider threatsITPro Podcast Leaders need to perform strict identity measures on would-be hires – and ensure employees who leave have access promptly removed
