Is the smoke beginning to clear for password security?

Issue 3 2022 Access Control & Identity Management, Security Services & Risk Management


Steven Hope.

It seems that not a day goes by without the publication of a new survey revealing that people are using so-called weak passwords. As the CEO of a company that develops password security management, passwordless and other authentication solutions aimed at protecting organisations from being compromised, I read these reports with mixed feelings.

On the one hand it is important to hammer home the message that password security needs to be taken seriously. Yet with every new statistic being similar to the last, I wonder whether we are making any progress. Like any story that hits the headlines, we initially sit up and take notice, but the longer it goes on, the more desensitised we become to it.

Let’s be honest, everyone knows that 12345 is a bad password. So, if you are using it to access one, or likely more accounts, you are doing so knowingly. That means you are either unaware of or ambivalent to the repercussions that can befall you as an individual or your organisation. Similarly, those of us working in the IT and security profession have known for many years about the pitfalls of poor password security, yet still it is the cause of the vast majority of data breaches.

So, if the awareness is not being accompanied by action we are at an impasse.

However, recently while watching the world go by in the sunshine outside in a pub garden, I was given a sense of optimism from an unexpected place. I suddenly noticed how no one was smoking cigarettes. As a non-smoker I would rather have sat inside than inhale the smoke of people who had been banished to the garden, but apart from a few people vaping, the air was fresh.

My point is that everyone who smoked knew it was bad for them (and those around them), but they did it anyway. The price of tobacco was steadily increased, bans on where they could light up were introduced, even horrific images of the damage it does to your body were added to packets, but still people chose to smoke. It was the introduction of vaping and e-cigarettes that changed the game completely. Smokers could continue to behave in a very similar way, but the risks to them and those around them were reduced. Vape shops quickly appeared and the price of maintaining their habit was competitive, making the swap easy.

This is where we need to get to with passwords. We need to clear the smoke (pardon the pun) and create a clear and simple path for people to follow. Technology vendors (Authlogics included) have brought to market a plethora of different products and solutions all trying to solve the same problem in a different way – use a password manager, ditch passwords, use multifactor authentication, introduce biometrics – the list goes on. These solutions will solve the problem but the message to the world is unclear and confusing, with every vendor arguing about the best approach.

Passwordless may be the next big leap, but just like those addicted to nicotine, very few will leap from 20 a day to quitting. Having tried to convince the market to jump to passwordless (albeit with some success, but not quite global domination), I am convinced that the right approach for the mass corporate market is password security management. This approach enables people to continue to behave in a similar way, continuing to use passwords, but within an ecosystem that ensures they are being used in accordance with best practice. For some organisations this may be enough, for others it may provide them with the roadmap they need to take the next step to improve how information and systems are accessed in a secure and compliant way.

The password problem is the result of bad habits, and they can be hard to break. But ask anyone that has done it and they will not tire of telling you the benefits. We can make progress and the survey results will improve, but it is going to take time, effort, and education.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
The future of security: intelligent automation
Access Control & Identity Management AI & Data Analytics IoT & Automation
As the security landscape evolves, businesses are no longer looking for stand-alone solutions, they want connected, intelligent systems that automate, streamline, and protect.

Read more...
Smart automation is changing security
SA Technologies IntelliGuard Access Control & Identity Management
Security has come a long way from manual check-ins, logbooks, and standalone surveillance cameras. With the rise of intelligent automation, security is now faster, smarter, and more connected than ever.

Read more...
The future of security in South Africa
ATG Digital Access Control & Identity Management
Security technology is evolving rapidly, but is local innovation keeping pace? Some global players recognise the potential of South African products for international markets, but can our manufacturers and service providers thrive without external support?

Read more...
Integration enhances estate access control
Access Control & Identity Management
With one-third of residential burglaries starting at the front door, the continued seamless integration of Glovent’s estate management platform with Impro access control software is welcome news for estates.

Read more...
T&A in South Africa’s retail sector
ERS Biometrics Access Control & Identity Management
Using existing systems, ERSBio provides a practical and more cost-effective way for businesses to manage operations, reduce payroll mistakes, and enhance overall efficiency through innovative T&A processes.

Read more...
Navigating the complexities of privileged access management
Editor's Choice Access Control & Identity Management
Privileged Access Management and Identity Access Management are critical pillars of modern cybersecurity, designed to secure access to sensitive resources, enforce principles like least privilege, and implement just-in-time access controls.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
How can South African organisations fast-track their AI initiatives?
AI & Data Analytics Security Services & Risk Management
While the AI market in South Africa is anticipated to grow by nearly 30% annually over the next five years, tapping into the promise and potential of AI is not easy.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...