Marien Weijl (Pointsharp): “Stop using passwords — and increase security”
Passwords do pose a great security risk to all organizations, as they are often lost, re-used, or simply forgotten. In fact, it takes only 201 seconds, or three minutes and 21 seconds, for a hacker to figure out a password consisting of six letters and numbers. Data breaches, identity theft and similar threats are always among the most common security issues.
By going passwordless in your organization, you can increase your security significantly, make it easier for your users and save a lot of time and money. But what are the alternatives to passwords, and how can skipping them altogether be more secure?
The old threats are evolving
While there are plenty of factors to consider within cybersecurity, the driving forces behind the threats remain largely the same. Data breaches because of lost passwords or identity theft is still as popular as ever. At the same time, the methods are constantly evolving. Especially with the rising popularity of generative AI, giving anyone access to tools for impersonating others through text, voice, or deepfake videos.
By going passwordless, you can significantly raise the security by removing the knowledge-based factor of authentication, the “something you know” factor. Instead, you can replace it with a combination of “something you have”, like Yubikeys, authenticator apps or similar, and “something you are”, like fingerprints, retinal scans, or other biometric factors.
Not only does this take away the ability for bad actors to steal a password, but it also eliminates the need for a user to remember it, greatly reducing common frustrations and password fatigue. At the same time, it saves time and resources by eliminating the often time-consuming password reset procedure.
Make passwords go extinct
On the other hand, many people have proclaimed the death of passwords for, at least, the last 20 years. It’s obviously easier said than done, but at can absolutely be done today.
By eliminating passwords as an authentication method, you increase your overall security. A user might not even be aware that a password has been leaked until it’s too late, especially if that password has been re-used for several services. A lost phone or security key is discovered faster, and its access can be revoked in the access management tool. That identity and access management can also speed up and automate authentication to all applications and services within an organization, not matter whether they are cloud-based or on-premises.
The road to going passwordless is definitely open and possible to embark on today, but as with anything else security related, it involves a good strategy, thorough planning, and, of course, a technical solution that is flexible enough to fit all the needs of your organization.
Others have done it – and so can you
This is why events like Cybersec Netherlands are so important, as they give you the opportunity to speak face to face with both the experts behind the solutions and others who have been on a similar journey. We at Pointsharp are the experts in giving you the right tools that adopts to your specific needs. No matter the authentication method of your choice and no matter the level of security that you require.