Sorry, Cyber Bullies — No Passwords @ This Playground …
We are all well-aware that passwords can be hacked, tracked, phished, shared, stolen and compromised. So … why are some organizations still allowing them throughout their ever-expanding connected workplace?
Cyber criminals are constantly lurking in the shadows. To them, lifting a password is like taking candy from a baby. What’s worse, 67% of companies have password policies — but only 34% actually enforce them.
Pivoting to a passwordless existence might feel daunting and complicated — but proven systems are affordable and often can simply be an extension of your current digital investments. This makes it easy to expand and contract access as needed across your corporate landscape.
HID’s new infographic, The Passwordless Playground, shares some startling statistics around password use, and expands on four rules to follow as you take smart steps to tighten your access points.
Four Rules for the Passwordless Playground
Dig into more details around the following rules as you evolve your organization away from gaping holes that passwords put in your digital perimeter.
- Secure the Sandbox
- Install Secure Apparatus
- Play Without Passwords
- Have FIDO Guard the Lot
Four Acronyms to Anchor Your Access
Speaking of FIDO, that’s one of the “friends” you’ll want to invite to your secure playground. As organizations modernize their systems to defend digital apparatus from cyber bullies, make sure these other important authentication acronyms are on the security scene. Orchestrating all four maximizes security and user convenience:
- SSO: Single sign-on is a simple, strong access strategy. It allows people to log in just once — at the start of a work session — using a ‘master’ easy-to-use credential that’s stored in a smart card, mobile phone, token, tag or wearable. This access then follows them throughout the day, authenticating in the background as they go. Employees are productive. Data is kept safe.
- MFA: Multi-factor authentication (MFA) is a method we’re all pretty familiar with these days. It requires more than one factor to grant access to a website, system or database. For example, a user will be asked to present two or more pieces of “evidence” proving they are who they say they are — like entering a username and a one-time code that is texted or sent via email — or by being asked to use a fingerprint or facial recognition. Done right, MFA balances protection, encryption and ease-of-use while delivering an efficient and simple sign-on experience for everyone.
- FIDO: A critical part of the layered security approach involves FIDO. Fast Identity Online (FIDO) is a global standard for password-free sign-ins used by some of the world’s biggest online giants — Amazon, Apple, Google, Mastercard, VISA and others. It works like a lock and key to allow online users to confirm their identity without the use of passwords.
- RFID: This is one of our favorite acronyms as it’s what fuels much of HID’s world-class access and authentication designs. Radio frequency identification — or RFID — provides secure, end-to-end encryption, and it’s already in play all around us. We use it when we pay at registers or to access buildings (e.g., when we hover our phones over — or tap a card against — an RFID reader). It’s already used within parking garages, EV charging stations, smart lockers, elevators, secure print, vending machines and more — with use cases being added all the time as people find ways to further connect us securely to the digital things around us.
To summarize, companies need to carefully assess passwordless authentication to find the right combination that best fits their security processes. The daily, first-time authentication provides higher security with a combination of something the user knows (e.g., password), or something the user is (e.g., fingerprint), in combination with something the user has (e.g., FIDO token). When additional authentication is needed throughout the day, the transaction should be faster, using FIDO authentication without password or biometric verification. Adding password protection to the token prevents it from being used without further authentication. This step reduces vulnerability in case someone attempts to use the token before the user reports it as lost or stolen.
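The rule described above (a strong two-factor login once a day, token-only re-authentication afterwards, and a PIN-locked token that is useless until unlocked) can be expressed as a small policy check. This is an added illustration, not HID’s code; the ten-hour validity window, the `pin_digest` stand-in for the token’s own PIN check, and the function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional, Set, Tuple

class Factor(Enum):
    KNOWS = "knows"  # something the user knows: password or PIN
    IS = "is"        # something the user is: fingerprint or face
    HAS = "has"      # something the user has: a successful FIDO assertion

# Assumed policy constant: one full login covers a workday of re-authentications.
FULL_AUTH_VALIDITY = timedelta(hours=10)

def pin_digest(pin: str) -> str:
    """Constructed stand-in for the digest a real token keeps for its PIN."""
    return hashlib.sha256(pin.encode()).hexdigest()

@dataclass
class Token:
    pin_hash: Optional[str] = None  # None means the token is not PIN-protected
    unlocked: bool = False

    def unlock(self, pin: str) -> bool:
        """A PIN-protected token only answers challenges after the right PIN."""
        if self.pin_hash is None:
            self.unlocked = True
        else:
            self.unlocked = hmac.compare_digest(pin_digest(pin), self.pin_hash)
        return self.unlocked

@dataclass
class Session:
    user: str
    last_full_auth: Optional[datetime] = None

def decide(session: Session, factors: Set[Factor], token: Token, now: datetime) -> Tuple[bool, str]:
    """Grant or refuse an access request under the once-a-day strong-login rule."""
    if Factor.HAS in factors and token.pin_hash is not None and not token.unlocked:
        return False, "token is locked: enter its PIN first"
    stale = session.last_full_auth is None or now - session.last_full_auth > FULL_AUTH_VALIDITY
    if stale:
        # First login of the day: possession plus knowledge or biometric.
        if Factor.HAS in factors and factors & {Factor.KNOWS, Factor.IS}:
            session.last_full_auth = now
            return True, "full authentication accepted for today"
        return False, "first login of the day needs the token plus a password or biometric"
    if Factor.HAS in factors:
        return True, "fast re-authentication with the FIDO token"
    return False, "re-authentication needs the FIDO token"
```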
Ready to work and play within the Passwordless Playground? Read the infographic >>
Helmut has been in the security business for more than 25 years in various management roles for some of the leading suppliers of a broad range of security solutions. He also holds several patents. Within the last 20 years he has successfully led different engineering, global product management and marketing teams. His portfolio includes one of the first VPN products ever, as well as HW-based encryption solutions combined with RFID technologies, managed by his various teams. He has been with HID now for more than 10 years with a focus on RFID technologies, and is used to challenging the status quo in seeking more customer-friendly solutions and services.