World Password Day: Is it about stronger passwords or no passwords?
Today is the first Thursday of May, a day which since 2013 has been celebrated as World Password Day. The idea of a “password day” was first floated in 2005 by Mark Burnett in his book Perfect Passwords. It is supposed to be a reminder to us all to set some time aside and practice password hygiene. And with passwords still being the dominant method of authentication and security for almost every aspect of our digital lives, Mark’s idea could not be more relevant.
Can we save ourselves from passwords?
In many cases, a password is the only line of defense we have against malicious entities trying to get a hold of our digital lives and identities. Once compromised, a password can give hackers unrestricted access to both our personal and professional lives. So it’s critical to have strong passwords.
Despite the importance of strong passwords being discussed ad nauseam, “123456” has continued to be the most frequently used password since 2013 - the year we celebrated the first World Password Day. For a list of the other most commonly used passwords, check out this short video.
It should be no surprise that compromised passwords are still the top attack vector for organizations of all sizes, and up to 42% of organizations have suffered a data breach as a result. That leads me to ask the question - can we save ourselves from passwords?
No, passwords must go
Expecting humans to create strong passwords, memorize them, and enter them for the 90+ online accounts that an average user has, without reusing a single password across any service, is not realistic. In fact, the unrealistic expectations that we as security professionals put on users are one of the primary reasons we continue to see passwords such as “123456” still in use. While we may have multi-factor authentication (MFA) technologies, they are only temporary band-aids. The truth of the matter is that passwords must go.
If not passwords, then what?
The million-dollar question. A variety of vendors, including MobileIron, have been working on solutions to help organizations replace passwords with stronger and easier forms of security.
While there are multiple options with varying degrees of deployability and usability, the quickest method for large-scale adoption of passwordless MFA, while providing an intuitive user experience, is to use the mobile device as the user’s identity.
Smartphones, when managed by UEM, can easily be used to replace passwords and provide simple and smart authentication. Interested in killing passwords? Learn more about MobileIron zero sign-on here.