January 13, 2020

The Best Password in 2020 Is No Password

Henny Youngman was an American comedian from the early 1900s who was famous for one-liners (short, simple jokes, usually delivered rapid-fire), and his most quoted line is: “The patient says, ‘Doctor, it hurts when I do this.’ The doctor says, ‘Then don't do that!’” This may seem like a blatant statement of the obvious, but when it comes to IT security, and how often passwords have been the source of security breaches, the security community appears to ignore this sage advice. Instead of eliminating the problem, we usually get lists of new “best practices” every new year.

Password Best Practices For 2020

Yes, it’s that time again: a new year and a new decade, so new lists of best practices for everyone to take note of and adopt in order to improve their security posture. While there are numerous lists to choose from, the best seems to be a CISO Mag article titled “6 Practices to Strengthen Your Password Hygiene in 2020”, which offers six imperative password hygiene security measures for 2020:

  1. Using Two-Factor Authentication: when using 2FA, it is important not to override it for trusted devices; while this eliminates drag for the user, it opens the way for cybercriminals.
  2. Use Passphrases Instead of Passwords: a passphrase such as “I Love My Job 100%” is easy to remember, meets the complexity requirements (numbers, letter case and special characters), and is hard to crack because most password cracking tools break down at 10 characters.
  3. Observe Proper Web Security: build a defense by installing proper antivirus and anti-malware software on all your devices, and make sure that you update these applications regularly for complete protection.
  4. Avoid Reusing Passwords: don’t choose your personal information (your name, or the names of your spouse, children or pets) as a password, as these are known to the people who know you. Try to use a different combination of phrases for every account you use.
  5. Protect Your Password List: it’s better to hide any physical records that contain passwords. If you need to give your credentials to a colleague to get an important file, make sure that you change the password as soon as possible.
  6. Don’t Mix Business and Personal Email Accounts: using a single email account for business and personal correspondence is not recommended, since it might lead to massive data loss when someone cracks your password. Multiple email accounts let you keep all your work email in a single work account, friends-and-family communication in a personal account, and a recreational account for various website registrations.

A World Without Passwords

We have written previously about the tens of millions of passwords stolen and about why you should eliminate your password addiction even if it isn’t password reset day. We have also previously written about how “The Password Is Dead: The End of Password Logins, and What Will Replace Them.” So, it is now time to take up Henny Youngman’s battle cry: “Then just don’t do that!”

Continuous Behavioral Authentication Eliminates Passwords

Before you are ready to eliminate passwords from your Identity and Access Management strategy, you will need to establish an alternate form of authentication that leverages an immutable form of identity for your employees and customers: namely, some form of behavioral authentication that also applies continuous oversight to ensure, before, during and after authorization, that the proper person is still utilizing the access.

Acceptto’s eGuardian engine continuously creates and monitors user behavior profiles based on the user’s interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to refine the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI and ML, expert systems and SMEs to classify, detect and model behavior, and to assign real-time risk scores that continuously validate your identity prior to, during and after authentication.

Download Intellyx’s whitepaper, “App Authentication Evolves in a World of Compromised Credentials,” and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords while still preserving security and privacy, by registering for a free demo today.
