Survey shows most companies want to phase out passwords
17 October 2016 | 0
Do not be surprised if your company decides to do away with password log-ins. A new survey has found that most organisations are leaning toward phasing out password authentication.
The results comes from Wakefield Research, which surveyed 200 IT decision makers in the US. Sixty-nine percent of the respondents said they will probably do away with passwords completely in the next five years.
Password log-in systems, though commonplace, are too vulnerable to hacking, according to SecureAuth, the company that commissioned the study. Not surprisingly, SecureAuth sells alternatives to password-based log-ins.
“It’s indisputable that passwords aren’t a safe authentication method,” SecureAuth CEO Craig Lund said on Thursday. “They (the IT decision makers) recognise that and want to get away from them.”
Recent data breaches involving stolen login credentials highlight the problem. Recently, Yahoo reported that a hacking incident from 2014 may have lifted details from 500 million user accounts, including email addresses and hashed passwords.
Not helping the matter is that users sometimes secure their accounts with easily guessable passwords. In other cases, they get lazy and re-use one password for multiple internet accounts.
SecureAuth specialises in other types of log-ins. Typically, they involve a combination of methods, including one-time pass codes. These are sent to the user over a registered phone number or email address as a way to grant access.
Other methods can involve biometrics, such as scanning the user’s fingerprint. Or they can look at the time and place where the user is accessing the service and whether it fits into the person’s normal patterns, he said.
SecureAuth can also go as far as monitoring the keystrokes and mouse movement on a user’s device and analysing them for atypical behaviour.
“One of our clients is actually moving completely away from passwords,” Lund said. When they do, only certain pre-checked devices will be able access the company network. Those devices will be assigned to specific users, and SecureAuth will monitor the access for any abnormal activity, like logins from remote locations or at times when those users don’t normally work.
“By combining all those methods together, we can be confident of who these users are, and where they are,” Lund said.
Although many organisations want to move away from passwords, there are still challenges to doing it. According to the survey, 42% of respondents said a “disruption to users’ daily routine” stood in the way of making changes.
Another 42% said resistance by company executives was a problem.
IDG News Service