Simeio Solutions expert says: Most breaches are from exploited passwords. Let’s get rid of them. – Intelligent CIO ME

James R Quick, Director, Solutions & Advisory for Simeio Solutions, tells us it's time to get rid of passwords and instead automate and secure the authentication process.

There are two things we can do to secure our corporate assets: get rid of users or eliminate passwords. I say that tongue in cheek, but there's truth to half of that statement.

OK. We obviously need users, but employees are on the front lines in a cyberwar over corporate and consumer data, battling myriad cyberattacks. Most data breaches are caused by credential theft. That's why our most important endpoints are users. They are the most likely to unknowingly give away the kingdom keys.

I'm not being flippant about passwords. I'd like to see them gone. The best way to eliminate nefarious activity from stolen passwords is to eliminate them. To secure employees, systems, applications, corporate secrets and consumer data, we must rein in repetitive and weak passwords that expose organizations to attacks.

Time to shift away from passwords

Everyone recognizes password weaknesses. We're frustrated with having to create and remember them, and to remember where we stored them. So we repeatedly use the same weak passwords that are easily memorized. We know this creates a security risk but do it anyway.

Security teams are overwhelmed managing, storing and protecting credentials. They may not have the budget or resources for the most up-to-date systems. They might lack the processes and policies to consistently update software, and don't have the domain expertise to keep up with the latest technologies to protect their business. They know hackers can acquire user credentials and move laterally across their network to access anything they want. They're also challenged to keep up with ever-growing privacy regulations.

A password replacement must be pervasive

Our smartphones are almost another appendage. They're with us constantly and are ubiquitous in our personal lives and business. While there are many methods and strategies for avoiding stolen and misused passwords, there is one that scales and permeates our personal and business activities. We can harden endpoints, like smartphones, tablets, smart speakers and laptops, with standards-based public key cryptography.

How it works

Secure key-enabled user devices remove the need for passwords, eliminate user registration and login friction, and globally scale. To initiate the process, users authenticate with the website using their device's private key, which responds to the website's security challenge.

The private key can be used only after the user has unlocked it on the device, for example by swiping a finger or entering a PIN. The device creates a new public/private key pair, unique to the online service and the user's account. The public key is sent to the online service and associated with the user's account. The private key and local authentication information never leave the device.
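The registration and challenge-response login described above, simulated as an added example (not code from the original article or from Simeio). The `Device` and `Service` types, the 32-byte challenge and the use of Ed25519 from Go's standard library are assumptions for illustration; the article names no specific algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service is one account's record at an online service: public key and pending challenge.
type Service struct{ pub, challenge []byte }

// Device holds one private key per service; private keys never leave it.
type Device map[*Service]ed25519.PrivateKey

// Register creates a key pair unique to this service and sends only the public half.
func (d Device) Register(s *Service) (err error) {
	s.pub, d[s], err = ed25519.GenerateKey(rand.Reader)
	return err
}

// Sign answers a challenge only after the user unlocked the key locally (PIN, fingerprint).
func (d Device) Sign(s *Service, challenge []byte, unlocked bool) []byte {
	if priv := d[s]; unlocked && len(priv) == ed25519.PrivateKeySize {
		return ed25519.Sign(priv, challenge)
	}
	return nil
}

// Challenge issues a fresh random value for one login attempt.
func (s *Service) Challenge() []byte {
	s.challenge = make([]byte, 32)
	if _, err := rand.Read(s.challenge); err != nil {
		s.challenge = nil // fail closed: Verify rejects when nothing is pending
	}
	return s.challenge
}

// Verify checks the response against the stored public key and consumes the challenge.
func (s *Service) Verify(sig []byte) bool {
	defer func() { s.challenge = nil }() // single use, so a replayed response fails
	return len(s.challenge) == 32 && len(s.pub) == ed25519.PublicKeySize &&
		ed25519.Verify(s.pub, s.challenge, sig)
}

func main() {
	dev, site := Device{}, &Service{}
	err := dev.Register(site)
	ok := site.Verify(dev.Sign(site, site.Challenge(), true))
	fmt.Println("registered:", err == nil, "login accepted:", ok)
}
```

The service stores nothing an attacker could replay: a captured response is valid for one challenge only, and a copy of the service's database yields public keys, not credentials.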

Passwords require human interaction, which is a formula for disaster. We must automate and secure the authentication process. This means removing people from the equation. While there are many approaches to eliminating the password conundrum, standards-based public key cryptography provides strong authentication that scales and can be deployed on devices we use to register and log in to online applications and services.
