Sometimes you must step outside of the zone to see with total clarity.
During the past ten years I’ve watched as tech company after tech company has declared the death of passwords. As someone who manages 40+ professional and personal passwords, I was certainly on board and looking forward to the funeral, because it meant I could live a password-free life. A replacement for passwords. Yes, I was looking forward to never seeing the dreaded “Forgot my password” pop-up. No more password merry-go-rounds and no more bouts with the frustration and static of the forgotten password.
The death of the password made so much sense to me, considering that half my passwords were the same and very basic, and thus not secure, and the other half were so complex they looked like something out of Einstein’s Theory of Relativity. There was no way I could remember my complex passwords, and the solution was to create a handful of Post-it notes and strategically hide them around my office. The problem with the Post-it strategy is that the glue eventually dries up and the Post-it ends up lost.
That’s right, passwords have broken our spirit at one time or another. They’ve also proven to be easily hacked or stolen. One wise CEO once said, “Passwords are extremely secure. Just make sure you use a medley of 18 characters including caps, symbols, numbers etc. and change them DAILY!” Of course he was being facetious, but his point was well taken.
So the tech leaders all declared a war on passwords. One after the other they launched declarations, all with a subtly different spin, but ultimately delivering the same message. Like I said, I was on board and even leading the charge. During the past few years I’ve written several blogs and editorials promoting the demise of passwords. Heck, I’m the VP Marketing for a fingerprint biometric solution provider, so why wouldn’t I expect that everyone would want to replace passwords with a touch of their finger?
But the question is, are passwords too entrenched within our cybersecurity ecosystem to live without them? As we’ve discussed, there is a way to maintain a high level of security using complex passwords, but what about the nuisance? How about the user who has to authenticate dozens of times throughout their day? Wouldn’t the complex password break their spirit and inhibit workflow? Wouldn’t the password need to be displayed somewhere for ease of recall?
The other day I was speaking with one of our customers. Security is a top priority for this customer and he shared how his organization may have found a perfect balance. Some might even call it a perfect marriage, one between the age-old password and a newly preferred authentication method, the fingerprint. At this customer’s organization, employees are required to enter a 16-character medley password when they initially sign in for the day. Once the employee has signed in with their password, they can then use their fingerprint to authenticate to access websites, files and apps throughout the day. Our customer has identified a way to increase security on two levels yet maintain a process that complements lean processes, positively impacting workflow.
For organizations that are struggling with how to position / manage passwords and add a second factor to either replace or complement the authentication process, it seems that our customer has identified a sensible and secure solution. By using the complementary sophisticated password & biometric tandem, the organization has reduced risk, reduced the number of password resets and optimized the end user experience. So, maybe passwords aren’t dead, maybe they’re just semi-retired and “yes” you can live a secure life with passwords, just marry them to a strong biometric partner.