Problems with Passwords
Are passwords the weakest link in cybersecurity? We all know that it is risky to authenticate workers, citizens, and customers with passwords. The proof is in the seemingly endless list of credential-based security breaches that we see in the news every day.
There is also no doubting the devastating business impact of these breaches. It’s estimated that the average ransomware payment reaches almost $1.5 million and the average cost of business interruption from ransomware tops $5 million, according to a Lockton report.
But what is actually the root cause of all of these breaches? Passwords really aren’t the problem. It’s anonymous users hiding behind compromised credentials that represent the weakest link in cybersecurity.
What can we use instead of passwords that will prevent these breaches and keep our workforce, citizens, and customers safe? And when we finally decide to go passwordless, what should our strategy be? If eliminating passwords isn’t enough, what are the three things that are missing in your current passwordless strategy?
1. Password Reset
When you go passwordless, it’s almost impossible to get rid of all of your passwords simultaneously. That’s why it’s important to build a password reset mechanism into your passwordless strategy. With BlockID Workforce, the user never has to contact the help desk to reset a legacy password. Instead, all a user needs to do is open the account screen in his or her BlockID application, select the persona associated with the invalid password, enter and confirm a new password, and authenticate with LiveID. Not only does self-service password reset create a substantially easier user experience, it also saves your company $50-$70 each time a user doesn’t need to contact the help desk to reset a password. Another benefit of 1Kosmos legacy password self-service is that BlockID can integrate with your workstations, network, cloud apps, remote access solutions, or identity platforms in less than 30 minutes.
2. Interoperability
You work with a multitude of platforms, each with its own requirements and technologies, which makes it difficult to scale, securely manage, and modernize. Today one of the biggest challenges organizations face is interoperability, and it is one of the limiting factors on digital transformation and passwordless experiences. You need to blend the new with the old to deliver services and data securely and efficiently. But how? You can’t rip and replace everything, as that’s cost-prohibitive. When looking at new security standards, your investment needs to look beyond the problem at hand. Many times when we ask prospects what their 1-3-5 year road map is, they don’t have one, and that’s a problem. Without a plan, we end up with siloed infrastructures held together with duct tape and hope. So when investing in new technologies, there are a few questions you need to ask yourself:
- Is it built on modern architectures, and will it meet demands beyond my current needs?
- Does it have open APIs and an SDK so that you can integrate with new and old technologies?
- Can it scale to meet current and future requirements?
- Is it certified? Does the technology adhere to industry standards and regulations such as ISO/IEC 27001, Kantara for identity proofing, FIDO for passwordless, and iBeta biometric certification?
Answering these questions can set you on the path to success, as you’ll implement a technology that is fit for purpose and will grow with the business. You’ll be able to connect the old with the new while you continue down your modernization path, keeping everything online, accessible, and secure.
3. Identity-Based Authentication
Identity is the foundational element of security. It’s critical that you know who is accessing resources, so you can better determine what they should or shouldn’t have access to. The more you know about that identity, the better. That’s why the 1Kosmos BlockID platform ensures that individuals are who they claim to be by using an identity-based approach to authentication. We bring worker, citizen, and customer identity into the security perimeter so that organizations know with certainty who is accessing IT assets and online services.
This means we have a quick and convenient way for users to self-verify their identity using government, telco, and banking credentials. Then, once verified, workers, citizens, and customers use that digital identity at login or for transaction approval. This provides users with a frictionless experience and organizations with a high level of assurance about the identity on the other side of the digital connection.
By adding identity as a key pillar of network security, we help CISOs and Digital Experience leaders regain control of their IT services from anonymous users hiding behind compromised logins. With identity-based authentication, organizations will no longer be held hostage to data breaches, ransomware, and financial fraud perpetrated via identity deception.
Are you interested in learning more? Edward Amoroso and I dig much deeper into all three of these points in our on-demand webinar, Identity-Based Authentication and the Journey to Passwordless. Watch the session to explore passwordless security, zero trust, and understanding who is on the other side of your digital connections.