Biometrics and enterprise – the problem with passwords

10 February 2016

Passwords have an image problem and it is not going away any time soon. Unless they are made long and complicated, password-based security measures are just too easy to crack. Where once it took significant hardware to crack a password, today the software to do it can run on a smartphone.

But with many smart connected devices (SCDs) now offering 3D cameras and infrared iris scans for authentication, are many of the identity and access management headaches for enterprise soon to become a thing of the past? Have biometric security measures finally come of age?


“When Touch ID came in about a year and a half ago, initially the corporate solutions weren’t really set up to use it, but then the MDM providers came on board, so now we’re starting to see a lot more customers using Touch ID as a factor of authentication for their staff to be able to access internal resources or just even get into their phone to get their email.” Paul Conaty, CWSI

“Passwords are becoming easier and easier to crack, because people are walking around with much more powerful computers in their pockets. Building a computer to crack passwords is very cheap and simple to do and to be honest you can even do it with a high-end Android phone,” said Paul Conaty, mobile solutions architect with CWSI.

Forced path

“Companies have been forced to go for much more complex passwords, something most people have probably started encountering. You used to be asked for a four-digit password, then six characters then it became eight characters, now we’re starting to see people trying to have ten and twelve character passwords with alphanumeric plus special characters and not dictionary words. And to be honest that’s not convenient for the end-user — the end-user experience is horrible.”

The result is that people tend to write down difficult-to-remember passwords in files marked ‘passwords’ or, worse, on sticky notes attached to the very machines used to access the account.

“People do what’s easiest and will try to bypass security if it’s a hassle. They’ll reuse the same password over and over again or will have the same password for all their accounts, just adding a digit at the end. I’ve seen passwords written on notes stuck into phone cases, ready to be found along with the phone if it’s lost. People write them down, share them around an office, maybe type them into a note on their phone or they’ll have it on a Post-it on their desk,” he said.
