Forget your Password on World Password Day
By: Harpreet Mangat
Last year when we recognized World Password Day I’d hoped it would be the last. Well fast forward to May 7, 2020, and here we are again celebrating the merits of a security tool of yesteryear.
I know I’m not the only person questioning the validity of the day. I have no doubt that if I started a petition among industry peers, we could rename this global day and simply call it — World Password-LESS Day. A day to recognize how organizations are achieving the goal of passwordless and being free to do business in the most secure way.
Saying Goodbye to Passwords
Good news, organizations around the world can and are saying goodbye to passwords. While this currently looks different depending upon the level of secure authentication required by an organization, C-level executives are escalating the transition to passwordless enterprises in an effort to better protect stakeholders, data, and assets.
According to Risk Based Security, more than 8 billion consumer records were breached in 2019 with a significant percentage of those exposing encrypted passwords.
Not surprisingly, awareness for the need to take a different approach to security — to forget the password — has been heightened by the sudden global shift to a remote workforce. Security has taken on a whole new meaning for businesses and organizations around the world.
Where do we begin?
At Axiad we educate our customers daily on the risks of passwords. The biggest question we get from companies about going passwordless is not why but how.
Organizations know they need better security. I think they even understand eliminating passwords will result in better user experience.
So where does a company start?
Two-factor or multi-factor authentication using biometrics and facial recognition, FIDO2, Yubikey tokens and smart cards are all viable and recommended alternatives to passwords and certainly improves the user experience too! The key is assessing the full breadth of an organization’s user population to account for varied access and authentication requirements. One-size doesn’t fit all but this doesn’t necessarily mean the transition to passwordless has to be difficult or impossible. It just has to be thoughtful and thorough.
First, organizations must recognize:
Not all users are equal.
Use cases must be evaluated on a case-by-case basis (no assumptions).
In today’s digitally connected world — beyond people — systems, applications, and machines accessing corporate resources must also be evaluated for secure access.
Once these expectations are in check, it is time to move onto the real work. This is where it is helpful to work with an expert who can ask the right questions to clearly define your organization’s user populations including, privileged users. Specifically, an organization needs to:
Identify the personas (employees, contractors, system administrators, machines, systems)
Determine the use case for each of these personas (access/interactions)
Define the level of risk for each use case
As we’ve learned during this time of lockdown orders and mandates to work-from-home, organizations must be able to confidently access online information and perform digital interactions anytime, anywhere, and from any device securely.
At Axiad, we partner with our customer to empower them to achieve passwordless authentication, so that they are free to do business, communicate, and create value.
We understand every enterprises’ journey is unique. That’s why we believe it’s crucial to understand the pain points and roadblocks to help drive user adoption and achieve rapid, complete deployment.
We’d welcome the opportunity to chat with you to better understand your organization’s unique authentication and identity and access management needs.
Here’s to a password-LESS tomorrow…
About the Author
Harpreet Mangat is the Sr. Director of Marketing at Axiad. Harpreet has over 10 years of UK and US experience within healthcare, logistics and technology industries. Harpreet’s management experience includes roles in branding, internal and external communication, mutli-channel marketing, digital and print advertising, employee engagement, public relations and social media.