Whilst the password may not yet be truly dead, disruptive technology is certainly leading the charge in causing it to evolve through a process of nurture rather than nature. The motivation for adopting innovative methods of verifying user identity is apparent to all: the frustrating shortcomings of single sign-on authentication.
One of the key reasons behind user frustration with repeated requests to diversify chosen passwords with a mandated series of letters, characters and numbers is the lack of guidance offered by providers. This leads to complex passwords which are quickly forgotten by the user, and the initial frustration is compounded by the fact that such requests are repeated across multiple platforms, leaving each user with several passwords that are difficult to create and equally forgettable.
Much of this frustration could be forgiven if complex passwords led to increased security for both the enterprise and the end user. Sadly, rather than produce such a result, research shows that there is a limited, if not marginal, net gain in such practices. The reality is that most password breaches are conducted via keystroke malware and email-based phishing. Quite simply, whether your password is complex or simple, a highly inventive combination of letters, characters and numbers, or your date of birth, matters much less than people realise, because hostile actors can utilise existing technology to circumvent proposed safeguards against the capturing of such information.
What is required is a focus on password security through user education: teaching users the tactics deployed by hostile actors and explaining why an initial attempt at applying a password to an account was not suitable to ensure security. Rather than be told 'that password is too weak, choose another', users should be told why it is too weak, how it can be made better and why it matters. Providers should also implement alternative forms of authentication at a greater rate than they currently do, including 2FA, MFA, iris scanning, fingerprint scanning and security tokens, to name but a few.
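The kind of explanatory feedback described above, as an added example that is not part of the original article: each rejection carries why the password is weak, how to improve it and why it matters. The 12-character minimum, the small denylist and the names `explain`, `render` and `Finding` are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed policy values: a 12-character minimum and a constructed sample denylist.
MIN_LENGTH = 12
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}
DATE_RE = re.compile(r"(\d{2})[/.\-]?(\d{2})[/.\-]?((?:19|20)\d{2})")

@dataclass(frozen=True)
class Finding:
    why: str      # why the password was rejected
    fix: str      # how it can be made better
    matters: str  # why it matters

def looks_like_date(password: str) -> bool:
    """True if the password embeds DDMMYYYY or MMDDYYYY (separators optional)."""
    pairs = ((int(a), int(b)) for a, b, _ in DATE_RE.findall(password))
    return any(1 <= min(a, b) <= 12 and max(a, b) <= 31 for a, b in pairs)

def explain(password: str, username: str) -> list[Finding]:
    """Return one Finding per problem; an empty list means the password passes."""
    findings, lowered = [], password.lower()
    if len(password) < MIN_LENGTH:
        findings.append(Finding(
            f"It is only {len(password)} characters long.",
            f"Use at least {MIN_LENGTH}; several unrelated words are easy to recall.",
            "Short passwords are the first to fall to automated guessing."))
    if lowered in COMMON:
        findings.append(Finding(
            "It is one of the most commonly used passwords.",
            "Choose something that is unique to this account.",
            "Well-known passwords are tried before anything else."))
    if username and username.lower() in lowered:
        findings.append(Finding(
            "It contains your account name.",
            "Remove your name, email address or username from it.",
            "Account names are public, so they add nothing that must be guessed."))
    if looks_like_date(password):
        findings.append(Finding(
            "It contains what looks like a date, such as a date of birth.",
            "Avoid birthdays and anniversaries, even with extra symbols added.",
            "Personal dates can often be found out by other people."))
    return findings

def render(findings: list[Finding]) -> str:
    """Format the findings as the message shown in place of a bare 'too weak'."""
    return "\n".join(f"- {f.why} {f.fix} ({f.matters})" for f in findings)
```

An empty result only means the password passed these checks; it does nothing against the keystroke malware and phishing discussed earlier, which is where the additional authentication factors come in.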
Recent studies have shown that measured and effective guidance improves password security, informs users and ensures better relations between providers and customers. Enhancing security by improving user behaviour is key if there is to be further evolution through nurturing the producer-consumer relationship. Equally true is the need for providers to both assist the end user and secure their own systems through adoption of leading technological innovations which serve as an additional layer of defence against hostile actors.
The password is not dead, but it is certainly changing to meet the growing challenge of user needs and the technologically dynamic cyber threat.
Join us in Frankfurt, Germany on 14 March 2019 for our next IDM conference. For more details on the agenda and how to register your delegate pass, take a look at IDM Europe 2019.