Is the smoke beginning to clear for password security?

Issue 3 2022 Access Control & Identity Management, Security Services & Risk Management


Steven Hope.

It seems that not a day goes by without the publication of a new survey revealing that people are using so-called weak passwords. As the CEO of a company that develops password security management, passwordless and other authentication solutions aimed at protecting organisations from being compromised, I read these reports with mixed feelings.

On the one hand it is important to hammer home the message that password security needs to be taken seriously. Yet with every new statistic being similar to the last, I wonder whether we are making any progress. Like any story that hits the headlines, we initially sit up and take notice, but the longer it goes on, the more desensitised we become to it.

Let’s be honest, everyone knows that 12345 is a bad password. So, if you are using it to access one, or likely more accounts, you are doing so knowingly. That means you are either unaware of or ambivalent to the repercussions that can befall you as an individual or your organisation. Similarly, those of us working in the IT and security profession have known for many years about the pitfalls of poor password security, yet still it is the cause of the vast majority of data breaches.

So, if the awareness is not being accompanied by action we are at an impasse.

However, recently while watching the world go by in the sunshine outside in a pub garden, I was given a sense of optimism from an unexpected place. I suddenly noticed how no one was smoking cigarettes. As a non-smoker I would rather have sat inside than inhale the smoke of people who had been banished to the garden, but apart from a few people vaping, the air was fresh.

My point is that everyone who smoked knew it was bad for them (and those around them), but they did it anyway. The price of tobacco was steadily increased, bans on where they could light up were introduced, even horrific images of the damage it does to your body were added to packets, but still people chose to smoke. It was the introduction of vaping and e-cigarettes that changed the game completely. Smokers could continue to behave in a very similar way, but the risks to them and those around them were reduced. Vape shops quickly appeared and the price of maintaining their habit was competitive, making the swap easy.

This is where we need to get to with passwords. We need to clear the smoke (pardon the pun) and create a clear and simple path for people to follow. Technology vendors (Authlogics included) have brought to market a plethora of different products and solutions all trying to solve the same problem in a different way – use a password manager, ditch passwords, use multifactor authentication, introduce biometrics – the list goes on. These solutions will solve the problem but the message to the world is unclear and confusing, with every vendor arguing about the best approach.

Passwordless may be the next big leap, but just like those addicted to nicotine, very few will leap from 20 a day to quitting. Having tried to convince the market to jump to passwordless (albeit with some success, but not quite global domination), I am convinced that the right approach for the mass corporate market is password security management. This approach enables people to continue to behave in a similar way, continuing to use passwords, but within an ecosystem that ensures they are being used in accordance with best practice. For some organisations this may be enough, for others it may provide them with the roadmap they need to take the next step to improve how information and systems are accessed in a secure and compliant way.

The password problem is the result of bad habits, and they can be hard to break. But ask anyone that has done it and they will not tire of telling you the benefits. We can make progress and the survey results will improve, but it is going to take time, effort, and education.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cloud-based or on-premises access control
Salto Systems Africa Access Control & Identity Management Products
Choosing between cloud-based and on-premises access control solutions can be a difficult decision, however, the best solution for your organisation, property, or building type will depend on a range of factors.

Read more...
Convergence of cyber and physical security
Integrated Solutions Security Services & Risk Management
The overlap between cybersecurity and physical security will necessitate the integration of cyber and physical security in order to enable the sharing of events to the same security operations centre.

Read more...
Improved security health check tool
Gallagher Access Control & Identity Management Products
Gallagher Security has streamlined its free Security Health Check tool, making it easier than ever to protect against potential system risks and improve business efficiencies.

Read more...
Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Read more...
Suprema showcases integrated security solutions
Suprema Access Control & Identity Management Products
Apart from being an access terminal that supports multiple credentials such as facial recognition, RFID, mobile and QR codes, the BioStation 3 also supports VoIP Intercom and real-time video monitoring features to make it a truly multi-functional reader.

Read more...
Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Read more...
Local electronic locks
Access Control & Identity Management
YeboTech is an electronics manufacturing company, founded in 2005, which designs, markets and sells an electronic key and locking systems, aimed at replacing all conventional mechanical locks.

Read more...
Selecting the correct access control system
Enkulu Technologies Access Control & Identity Management
Frazer Matchett, Managing Director of Enkulu Technologies, suggests the right questions to ask when selecting an access control solution; not just the access system, but the integrated solution that fits your requirements.

Read more...
Integrated guarding services
XtraVision Integrated Solutions Access Control & Identity Management Industrial (Industry)
XtraVision offers a few tips on how to go about planning and setting up an integrated approach to sustainable and successful security services, from the initial risk assessment to the technology and people required.

Read more...
Paxton secures multi-tenant office in Cape Town
Paxton Integrated Solutions Access Control & Identity Management Products
Cecilia Square in Paarl, Cape Town is an office building from where several businesses operate. The multi-tenant site has recently undergone a full refurbishment, including a complete upgrade of its security system for access control.

Read more...