Passwords: they can be tricky at the best of times. Proper password hygiene is one of the most important factors in endpoint security, as it keeps sensitive data secure and prevents threat actors from getting into important systems.
But despite the risks, the use of weak or recycled passwords continues to be a problem even amongst IT professionals. While systems such as two factor authentication have been used as an extra layer of security, groups like the FIDO Alliance and World Wide Web Consortium have been working to make passwords a thing of the past, in favour of more secure methods.
This week, we spoke to Richard Meeus, EMEA director of security & technology strategy for Akamai Technologies, to explore the solutions driving secure sign ons, and how the sector can adapt to this change.
Highlights
“The criminals know that we are bad with passwords, and we just use something like our pet's name or something like that. And it's relatively easy for people to get the passwords or, as most commonly happens, an organisation will be breached and their password and username database will be leaked out onto the internet. And then, those usernames and passwords are reused against websites all over the planet.”
“The concept of security authentication has always been based around, sort of, one of three concepts. So there's something you know, which is a password, something you are, which is your biometric. So use your face print or your thumbprint, or something like that. Or something you have, which could be a USB token, or something that you can punch numbers into as a handheld device. So one of those three things, and we've relied upon the something you know, predominantly, which is the password.”
“Anything that we can do within security that actually makes lives easier for end users, and makes them more secure, is a good thing. And reducing passwords, reducing the use of passwords is a good thing, because nobody likes them.”
Read the full transcript here.
Footnotes
- Revealed: The top 200 most common passwords of 2022
- If not passwords then what?
- What are biometrics?
- What is two-factor authentication?
- What is multi-factor authentication (MFA) fatigue and how do you defend against attacks?
- How to implement passwordless authentication
- Best password managers
- Best free password managers
- The sooner the FIDO Alliance can shut down passwords, the better
- Will FIDO passwordless authentication save cyber security?
- The top 12 password-cracking techniques used by hackers
Subscribe
-
Workers view agents as ‘important teammates’ – but the prospect of an AI 'boss' is a step too farNews Workers are comfortable working alongside AI agents, according to research from Workday, but the prospect of having an AI 'boss' is a step too far.
-
Zyxel XGS1935-52HP reviewReviews Plenty of Gigabit ports and a fair power budget makes this switch a great choice for SMBs with big PoE+ deployment plans
-
July rundown: Salt Typhoon and SharePoint scaresITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
Can the UK ban ransomware payments?ITPro Podcast Attempts to cut off ransomware group profits could instead harm businesses
-
We need to talk about operational technologyITPro Podcast Groups like Volt Typhoon are abusing poor hygiene in critical infrastructure to pre-position for attacks
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problemNews More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
April rundown: MITRE frights and Microsoft launches Recall (again)ITPro Podcast As CISA delivered an eleventh-hour reprieve for the CVE database, AWS reportedly began to pause some data center leases
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
