Is the smoke beginning to clear for password security?

Issue 3 2022 Access Control & Identity Management, Security Services & Risk Management

Steven Hope.

It seems that not a day goes by without the publication of a new survey revealing that people are using so-called weak passwords. As the CEO of a company that develops password security management, passwordless and other authentication solutions aimed at protecting organisations from being compromised, I read these reports with mixed feelings.

On the one hand it is important to hammer home the message that password security needs to be taken seriously. Yet with every new statistic being similar to the last, I wonder whether we are making any progress. Like any story that hits the headlines, we initially sit up and take notice, but the longer it goes on, the more desensitised we become to it.

Let’s be honest, everyone knows that 12345 is a bad password. So, if you are using it to access one, or likely more accounts, you are doing so knowingly. That means you are either unaware of or ambivalent to the repercussions that can befall you as an individual or your organisation. Similarly, those of us working in the IT and security profession have known for many years about the pitfalls of poor password security, yet still it is the cause of the vast majority of data breaches.

So, if the awareness is not being accompanied by action we are at an impasse.

However, recently while watching the world go by in the sunshine outside in a pub garden, I was given a sense of optimism from an unexpected place. I suddenly noticed how no one was smoking cigarettes. As a non-smoker I would rather have sat inside than inhale the smoke of people who had been banished to the garden, but apart from a few people vaping, the air was fresh.

My point is that everyone who smoked knew it was bad for them (and those around them), but they did it anyway. The price of tobacco was steadily increased, bans on where they could light up were introduced, even horrific images of the damage it does to your body were added to packets, but still people chose to smoke. It was the introduction of vaping and e-cigarettes that changed the game completely. Smokers could continue to behave in a very similar way, but the risks to them and those around them were reduced. Vape shops quickly appeared and the price of maintaining their habit was competitive, making the swap easy.

This is where we need to get to with passwords. We need to clear the smoke (pardon the pun) and create a clear and simple path for people to follow. Technology vendors (Authlogics included) have brought to market a plethora of different products and solutions all trying to solve the same problem in a different way – use a password manager, ditch passwords, use multifactor authentication, introduce biometrics – the list goes on. These solutions will solve the problem but the message to the world is unclear and confusing, with every vendor arguing about the best approach.

Passwordless may be the next big leap, but just like those addicted to nicotine, very few will leap from 20 a day to quitting. Having tried to convince the market to jump to passwordless (albeit with some success, but not quite global domination), I am convinced that the right approach for the mass corporate market is password security management. This approach enables people to continue to behave in a similar way, continuing to use passwords, but within an ecosystem that ensures they are being used in accordance with best practice. For some organisations this may be enough, for others it may provide them with the roadmap they need to take the next step to improve how information and systems are accessed in a secure and compliant way.

The password problem is the result of bad habits, and they can be hard to break. But ask anyone that has done it and they will not tire of telling you the benefits. We can make progress and the survey results will improve, but it is going to take time, effort, and education.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Gallagher launches Tech Talk
Gallagher News Access Control & Identity Management Perimeter Security, Alarms & Intruder Detection
Gallagher has announced the launch of its new Security in Focus podcast series called Tech Talk, hosted by chief technology officer Steve Bell.

IDEMIA and Ideco demonstrate their value stacks
Technews Publishing Ideco Biometrics IDEMIA Conferences & Events Access Control & Identity Management News
Ideco and IDEMIA recently hosted a travelling show where attendees were given an update on the companies, as well as the full value stack they offer.

Paxton10 simplifies building security
Paxton Access Control & Identity Management
Paxton provides a single platform for access control and video management in Paxton10, its newest innovation that allows users to manage their facilities from one simple security system.

From Hill Street Blues, to Hillbrow, to managing risk for BMW
Technews Publishing Editor's Choice News Security Services & Risk Management
Jane-Eleanor Morrison’s success story starts from growing up in the stressful pre-democracy times in KZN, moves through a successful career in SAPS. to BMW South Africa where she is now the risk control manager.

Have biometrics changed the way mines operate?
ZKTeco Mining (Industry) Access Control & Identity Management
The mining industry continues to improve conditions for mine workers, striving for zero harm, however, innovations which improve worker safety and increase operational efficiency are still needed.

Adapting to the new normal
Access Control & Identity Management
SATEC (SA Technologies) had to develop a new strategy to enhance its current product features to align and adapt to market trends within the technology sector.

AI will drive the future of access control
Suprema Access Control & Identity Management
Artificial intelligence is driving changes previously in the realm of the imagination. AI-based voice recognition and image recognition enable machines to understand and recognise things better than humans are able to.

Look before you leap into a back-up power solution
Editor's Choice Security Services & Risk Management
Before you rush into purchasing a back-up power solution, you need to take a considered and long-term view of how to get yourself as close to grid independence as possible.

All-mobile people management solution with facial recognition
Editor's Choice Integrated Solutions Security Services & Risk Management Products
The new mobile Incident Desk People Management platform with facial recognition combines identification data on suppliers, staff, sub-contractors and even people on watch lists, for less than the cost of traditional service management tools.

Passion, drive and hard work
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
Colleen Glaeser is a leader in the security market, having made her mark in the male-dominated security industry through determination and hard work, along with a vision of making the world a safer place.