Passwords are 60, time for them to go

Issue 3 2021 Access Control & Identity Management, Information Security

It has been 60 years since passwords were first used at MIT and if the number of breaches in the news are anything to go by, we are no more adept at managing our passwords than we were in 1961. But while passwords are being phased out, IT leaders can fortunately rely on authentication technology that will protect their valuable data without destroying the user experience.

Gerhard Oosthuizen.

As more companies have adopted cloud computing and more recently, remote working, the need to protect data has become significantly more important. For companies transacting online, the need to protect their customers is higher still. However, setting up security roadblocks that slow down the user experience will cause irritation and potentially lose valuable customers.

“Protecting users while keeping fraudsters out has become one of the most critical duties for today’s CIO. Finding the right balance between great user experience and strong authentication in a low-friction environment has become the holy grail in security circles,” says Gerhard Oosthuizen, chief technology officer at Entersekt.

Passwords just don’t cut it

According to Verizon’s annual security report, compromised credentials are still the most often used asset (80%) when it comes to data breaches. Despite the glaring evidence of just how at risk we are, most people resist making use of password managers and according to Oosthuizen, still have terrible password habits.

“We all now have hundreds of accounts that require passwords. The chances are we each have around four or five that we simply recycle. One which we only use for our bank account, one or two that we use for our various social media accounts and one which we use for everything else.

Our ‘recover password’ information is also easily cracked, so that is of little use - especially if we answer honestly. A simple search will give you a person’s mother’s maiden name, the name of their first pet and let’s be honest, the majority of us will answer pizza if asked for our favourite food. Passwords are passé,” Oosthuizen states.

When the weaknesses of password-based authentication started to become known, many organisations introduced two-factor authentication. One popular implementation that is still common today is SMS one-time PIN or password (OTP) technology. While it does add an extra layer of protection, Oosthuizen points out that this often comes with a big dose of user friction and it’s by no means foolproof.

“Today the biggest challenge with OTPs is that the technology does not really protect against modern attacks. Criminals have found many workarounds such as SIM-swap and man-in-the-middle attacks.”

Stronger security, better experiences

More robust technologies like mobile push authentication have now replaced SMS OTPs as the industry standard in authentication. Unlike SMS OTPs, authentication messages delivered via push messaging technology are truly out of band. “This means that you don’t rely on the same channel to deliver authentication requests and responses that was used to initiate the original, potentially fraudulent, transaction,” Oosthuizen explains.

In addition to the stronger security provided by technologies like push-based authentication, they also offer a far greater user experience. The user receives the full request on their trusted mobile app and can approve it from there. They no longer have to wait for an OTP to arrive and copy it or remember it and then enter it, frequently having to switch between apps to do so. It’s all about leveraging the user’s device to create a strong device identity and making authentication experiences as seamless as possible. And today you can use the biometric sensor on a device to completely eradicate the use of passwords, while increasing security.

“We use the end-user’s digital device to help authenticate them. Our certificate-based device ID technology ensures that only your own trusted device can be used and if you combine that with biometrics, it prevents you from having to enter a password or an OTP. This enables a truly passwordless experience, Oosthuizen explains. “So the passwordless future has arrived. That should make all those CIOs smile.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Bespoke access for prime office space
Paxton Access Control & Identity Management Residential Estate (Industry)
Nicol Corner is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. It is also the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption.

Next-generation facial recognition access control system
Enkulu Technologies Products & Solutions Access Control & Identity Management Residential Estate (Industry)
With a modern and innovative design, iDFace is the ideal device for monitoring and controlling people entering and exiting a building using facial recognition technology, including liveness detection, for enhanced security.

Long-distance vehicle identification
Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The STid SPECTRE reader can identify vehicles up to 14 metres away, across four traffic lanes, ensuring secure access to an estate without disrupting the traffic flow.

Multi-modal access control solutions
Suprema neaMetrics Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Suprema’s latest multi-modal access terminals are top-of-the-range, highly secure, easy to install, and easy to use. They feature biometrics, mobile access, and RFID and are both PoPIA and GDPR compliant.

Battery-powered video doorbells
Ring Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Ring has announced the latest addition to its line of video doorbells. The Battery Video Doorbell Pro builds on the capabilities of its predecessor, providing greater value and convenience for homeowners.

Tackling estate entrance challenges
Turnstar Systems Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The Velocity Raptor’s retractable spikes deter criminals from entering estate premises; equipped with LED lights, it provides visibility during the day and night, and in adverse conditions.

HELLO visitor access management
Products & Solutions Access Control & Identity Management Integrated Solutions Residential Estate (Industry)
HELLO is an on-premises visitor and contractor access management solution designed to be fully integrated and complementary with smart, on-trend technologies, securing estates and businesses alike.

Digital transformation in estate environments
Regal Distributors SA Products & Solutions Access Control & Identity Management Residential Estate (Industry)
Digital transformation has brought all users into digital processes across every industry and activity, interlinking activities and crossing industry boundaries. This complexity leads to significant changes in previously established workflows, especially in visitor management.

Same old cables, new intercom
Hikvision South Africa Products & Solutions Access Control & Identity Management Residential Estate (Industry) Smart Home Automation
Retrofitting old residential complexes with a modern two-wire HD video intercom system is more than an upgrade. For many homeowners and renters, these systems represent a leap into the future.