Celebrating World (No) Password Day

By Special Guest
Jackson Shaw, VP, Product Management, One Identity

It’s World Password Day, where we recognize the ubiquitous, troublesome, and most-often-hacked step in any security process. Most people suffer from a love-hate relationship with passwords, which stems from the fact that we know we need them, but we hate the effort required to use them correctly. This results in us not following best practices, creating more vulnerability in our network and to our data. Therefore, I propose we switch to World “No” Password Day.

If we did passwords correctly – and everyone followed the rules – risk would be minimized, but the sheer volume and diversity of systems that need logging into makes it virtually impossible to consistently use strong hack-proof passwords.

According to research, 63 percent of data breaches are linked to weak, reused, or stolen passwords. I would argue that passwords have worn out their welcome and it’s time to look for more secure, manageable, and user-friendly options. We can see it slowly starting to happen in pockets throughout the corporate and consumer worlds: for example, in the requirement for smart card authentication in U.S. Federal Government agencies, and in the fingerprint or facial recognition technologies used on smartphones. It can even be seen in the way that many newer applications have built-in support for stronger authentication methods beyond the standard username/password. These are all signs of progress and of where authentication methods are heading.

Even with these new security processes being integrated, from a practical standpoint, we are still far away from the end of passwords. However, it is relatively easy to augment existing password authentication with a second factor that adds a more progressive security step. As I noted above, many government agencies are being required to enable legacy applications with Common Access Card (CAC) login. While making this update, the agencies have found that rather than re-architecting the application to support CAC, fronting applications with a modern single sign-on (SSO) solution can add the required integration quickly and easily. Similarly, most modern web SSO solutions include support for many multi-factor authentication options.

SSO solutions not only reduce the number of passwords a person must manage, remember, and reset, but can also replace the password with a stronger and more convenient authentication method.

Privileged access management (PAM) is perhaps the most troublesome password scenario. Administrator access carries incredibly high power and risk, since administrators are the ones with the keys to the kingdom. While it is possible to add multi-factor authentication to legacy privileged password management, any new implementation should include built-in multi-factor authentication as well as newer methods such as “push to authenticate”. Push authentication involves sending a notification (via a secure network) to a user's device when accessing a protected resource. Both “push to authenticate” and multi-factor authentication are security measures that are virtually impossible for bad actors to steal or fake.

And finally, since passwords will unfortunately remain in use for the foreseeable future, let’s look at ways to streamline using them, and ultimately make them irrelevant. Look for ways to manage passwords through SSO and self-service password reset. Ask yourself how additional security measures (such as adding multi-factor authentication) are affecting users. Are users more likely to follow the rules because security made their lives easier? Or are they going to look for ways around the rules to facilitate convenience? If your well-intentioned security measures are not going to be followed, you are worse off than if you had not implemented any type of security at all.

So, let’s get in the mindset of celebrating the password as a quaint, nostalgic security measure of days gone by and turn our focus to more progressive and better authentication methods. Now that would be cause for celebration.
