February 10, 2020

No Passwords. Ever!

“Remember the Alamo!” “Give me liberty or give me death!” “Tonight, we dine in hell!” There is no shortage of battle cries we have been exposed to in school and Hollywood movies. They tend to be pivotal and moving points that have mobilized a group of people into action against what was thought to be insurmountable odds. While we are not necessarily at war or even in a physical battle, we are coming to a time where a new battle cry is needed to finally spur the masses into action: “No passwords…EVER!”

Do We Really Need Passwords Still?

A Wired article from back in 2012, titled “Do You Really Need a Password You Can Barely Remember?”, reported:

“Eight years ago, Bill Gates predicted that computer passwords were not long for this world. They were the weak link in computer security he said, adding: ‘There’s no doubt that over time people are going to rely less and less on passwords.’”

The article goes on to also report:

“In the trade press, Gates’s prediction was reported as the death knell for passwords. And then eight years went by. During that time, Facebook, Twitter, and Wikipedia added hundreds of millions of users — all of them logging in with plain old passwords — without a single smart card or RSA token. Even Microsoft’s heavily promoted Cardspace easy authentication software was a flop.”

So, it’s now been 16 years since Mr. Gates’s prediction, and we still seem to maintain our password dependencies. Just like any addiction, it seems that time just keeps flying by and every excuse we can come up with stops us from breaking the cycle. It is always easier to keep doing the same thing and expecting a different result. Our dependency on passwords is no different.

It’s time to take the first steps to break our password addiction. In 12-step programs the first step is to acknowledge the problem, then you are ready to work on the solution. Acknowledging that passwords truly have outlived their effectiveness gives you the freedom to evaluate new AIML-based technologies.

We have also written about “Beyond the Password: What Other Identity Authentication Technologies Are There?” so check out that blog and then begin your life without passwords.

Passwords Are Persistently Attacked

Yes, it’s true…your login credentials have been compromised. Your passwords have been hacked no matter how complex you’ve made them. Two-factor security is temporal, causes high friction and can be easily intercepted during transmission.

Current multi-factor authentication (MFA) security solutions lack context and rely on too few attributes. Your biometrics are binary, and regardless of how safe a fingerprint or retina scan appears to be, it can be spoofed and cannot be reset, ever. And, there are few, if any, solutions that continuously validate your identity post-authentication. 

The bottom line, as stated above, is that we live in an age where every credential is persistently under attack, so now it is just a matter of separating out what “can” from what “can’t” be prevented in order to develop your identity access management strategy effectively. That should start with eliminating passwords from your strategy altogether.

We Can Live Without Passwords

Dependencies usually start out as something necessary, but they grow into monsters over time. As stated, there is an addiction that affects billions of people daily and it doesn’t seem to be acknowledged: the addiction to passwords, despite the news showing what happens to companies on a daily basis with breaches. Now is the time to evaluate a new approach.

Acceptto’s eGuardian® engine continuously creates and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Behavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

With Acceptto’s Continuous Behavioral Authentication you can ensure:

  • Actionable threat analytics: Real-time, continuous identity monitoring & validation post-authentication.
  • Dynamic authentication: Adjustable, risk-based policy orchestration and continuous enforcement.
  • Credential stuffing neutralized: Eliminate account takeover (ATO) instantly with intelligent contextual MFA.

Check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy. Register for a free trial today.

 
