The majority of IT security incidents affecting personal or business data can be traced back to weak or compromised passwords, despite the fact that the measures to secure passwords and credentials have been tightened over the years. New technologies for securely managing passwords are always coming into the market and experts always have new tips on hand on how to increase password protection.
For TJ Jermoluk, co-founder and CEO of Beyond Identity, a leader in invisible, tamper-proof multi-factor authentication (MFA), it's long been clear that a “sufficiently strong password” doesn't exist. “Being dedicated to improve password security may be well-intentioned, but let's face the reality, there is no way to make passwords secure,” he says. “Instead of giving users a completely false sense of security by advising them to use longer and stronger passwords, or not to use the same password more than once, we should be thinking about how we can eliminate passwords altogether.”
Indeed, passwords are the number one attack vector today and the cycle of password education and blaming breaches is pointless when the system itself is fundamentally flawed. In other words, password security is nowhere near solving or improving the global security problem.
Fortunately, there are technologies out there that are relieving the world from the burden of passwords. These are even more important given that compromised passwords are the cause of around 90% of all web application security breaches. Hence, we should keep in mind that all the security expenditures in the world are useless if we continue to rely on passwords and the authentication process that goes with them.
According to Beyond Identity’s CEO, shifting the responsibility for password security onto the end users doesn’t feel right as they should not have to set up "security measures" themselves. I believe the industry should take over the optimization of customers’ security and I fully recommend reading his thoughts on the benefits of passwordless.
By Daniela La Marca