According to a survey conducted last month by Wakefield Research of 200 IT decision makers, about 70% of companies plan to stop using passwords in the next five years.
Don’t be surprised if your company decides to do away with password logins. A survey conducted last month in the United States by Wakefield Research among 200 IT decision makers shows that the majority of them want to phase out password authentication systems. Thus, 69% of respondents said that in the next five years, the use of passwords will probably completely disappear from their company.
According to SecureAuth, which commissioned the survey, password-based authentication systems, while the norm, have become too vulnerable to hacking. “We can say with certainty that password-based login solutions do not guarantee secure authentication,” said Craig Lund, CEO of SecureAuth yesterday. Adding that “IT decision makers agree on the subject and all are looking for other authentication solutions”. However, it should be noted that SecureAuth sells alternative solutions to password connection systems.
Often the same password for several services
Clearly, recent large-scale hacks that have resulted in the theft of colossal numbers of login credentials prove them right. Last month, Yahoo revealed that a hack of its servers in late 2014 may have stolen the credentials of 500 million user accounts, including email addresses and password hashes. And the fact that users often choose easy-to-guess passwords to secure their accounts doesn’t help the problem. Not to mention also that they use the same password to secure the accounts of other services on the Internet.
Alternative authentication systems, a specialty of SecureAuth, often combine several methods. But the company also offers solutions with one-time passwords. Most of the time, the code is sent to the user on a registered phone or email address. This code, for single use and for a limited period, is then used to identify himself on the site and to access the service. Other SecureAuth methods rely on biometrics. In this case, scanning the user’s fingerprints is necessary. “Other systems analyze the place and time at which the user accesses the service and check that they correspond to the habits of the user”, further explained Craig Lund.
Combine multiple identification methods
Some SecureAuth solutions are able to track keystrokes and mouse movements on a user’s terminal to detect any atypical behavior. “One of our customers is currently in the process of completely eliminating the use of passwords,” said the company’s CEO. In the case of this company, only certain pre-registered devices will be able to access the network. Affected endpoints will be assigned to specific users, and SecureAuth will monitor for abnormal activity, such as remote logins from unusual locations or logins at times when users are not working. “By combining these methods, we can be sure of who users are and where they are connecting from,” said Craig Lund.
But, even though many companies want to get rid of passwords, there are still quite a few challenges. Thus, again according to the Wakefield Research survey, 42% of people questioned declared that switching to another authentication system “risked disrupting the routine of users”, which represented a brake on initiating a radical change in their habits. But 42% also said that the company’s leaders themselves were not always in favor of this development.