The humble password gets a hard time these days. It seems to be responsible for every hack, data breach or act of cyber espionage that we see reported. As with most security challenges, our issues with passwords come from the fact that they’re usually the responsibility of the squidgy thing that uses the keyboard.
Human beings are the reason for the password’s bad reputation. Too simple and they’re easy to crack, too complicated and people forget them. They’re easy to share, but once shared they’re difficult to change. The password has a lot of baggage, but if we’re looking for permanent, workable alternatives, what are the options?
Two factor authentication
In the US, the Office for Personnel Management, a government agency, suffered a staggeringly large and prolonged data breach that was uncovered in April. Part of their response will be to phase out access to networks with a single password, enforcing the use of smartcards. There’s no doubt that this will increase security around access, but it doesn’t deal with the issue of “privilege creep”, which was what caused their breach in the first place.
Password managers work by removing the need for users to remember their passwords for the numerous websites, network systems or applications that they need access to. When dealing with privileged access, tools like this are extremely useful for attaching traditional service or network admin accounts to an actual identity. This makes access much easier to track and also removes the complexities of password sharing.
Often touted as the future of authentication, biometrics have been enthusiastically embraced by mobile device manufacturers who’ve added fingerprint readers to tablets and smartphones. It’s exceptionally difficult to fake or share biometrics. The main challenge in implementing this kind of technology for authentication in businesses is transferring physical contact to create a remote digital connection. That said, many laptops are now being built with biometric authentication, so this could become a viable alternative as hardware evolves.
While we’re unlikely to see the password die any time soon, businesses need to be able to shore up security risks that are increased by the multitude of accounts and passwords that exist inside a network. This, though, has to be balanced with how easily these measures can be implemented. For example, two factor authentication will take the Office for Personnel Management two years to roll out. It would almost certainly be faster to implement a password manager to hide passwords from privileged users and at the same time deploy a method for monitoring and logging access.
Wallix builds password management into our solutions, making it simple to add an extra (and crucial) layer of security when it comes to working with privileged access.