Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » Are passwords still fit for purpose?

Are passwords still fit for purpose?

by Adi Gaskell
10 July 2020
in Security
0
Businessman working on laptop.
42
SHARES

Amidst the rise in cybersecurity issues that have accompanied the coronavirus pandemic, the foremost means of hacking into a system remains the result of weak password security. The humble password has been at the forefront of cybersecurity since the earliest digital devices, and it remains the bulwark of our defenses today.

This is largely because passwords are very easy to use, and even if they’re compromised, they can be easily replaced. What’s more, they don’t suffer from compatibility issues, and you don’t need any additional hardware to use them. They’re also incredibly cheap to implement, so organizations across the world love using them. The problem is, passwords can be compromised in a panapole of different ways, rendering them a fairly porous first line of defense against hackers.

This doesn’t appear to be dissuading us from using them, however, as data from the 2020 Thales Access Management Index reveals. Their study of around 400 senior IT decision-makers from across Europe and the Middle East, revealed that nearly 1 in 3 organizations still see the humble username and password as one of their most effective security tools.

Wedded to a failing method

What’s more, despite the late Fernando Corbato, the creator of the static password, regularly stating in recent years that passwords are a poor approach to security, the Thales data found that 67% of organizations are likely to grow their use of usernames and passwords in the years ahead. For many IT managers, this is because the username and password combination is very well known at board level, which makes it a much easier sell than any more complex, yet effective, methods.

The survey goes on to reveal that security concerns are growing across the EMEA region, with the majority of IT managers highlighting that unprotected infrastructure was their main concern. As a result, Thales believe that any organization relying on passwords to keep such important infrastructure secure are leaving themselves extremely vulnerable.

“As more and more businesses move to adopt cloud-based services for CRM, email, employee collaboration, and IT infrastructure as part of their digital transformation strategies, the struggle to extend old solutions, designed to protect internal resources, to the outside world becomes very problematic,” Francois Lasnier, Vice President for Access Management at Thales, says. “Often, in an effort to adapt to the new working habits of users connecting from anywhere, which is increasingly pertinent right now and will become standard moving forward, businesses tend to revert back to old password-based logins for cloud services in despair. This is knowingly increasing their security exposure to credential stuffing and phishing attacks.”

Security versus convenience

With the coronavirus forcing so many of us to work from home, often with quite ad hoc systems, there is a clear desire among many organizations to plump for convenience over security to ensure that their workforce can remain plugged in. This is reflected in the Thales data, with nearly 70% of IT managers revealing they had been put under pressure to ensure that convenient access to applications and cloud services was provided to employees. That they were also being pressured to ensure this access was given in a secure way underlines the challenges faced.

A common solution to this conundrum appears to be strong authentication and access management solutions, which nearly all respondents revealed they were using to facilitate cloud adoption in a secure manner. Over three-quarters of IT managers also thought that employee authentication needed to do more to support secure access to a wide range of services, whether in the cloud or on virtual private networks.

The strong support for passwords had prompted many IT managers to try and make them more robust. For instance, nearly all had updated their security policies around access management in the past year, with around half providing staff with specific training on access management. While this has roots in better security, there is also a strong compliance angle, with nearly all European IT managers citing GDPR compliance as a key factor in their attempts to bolster access management procedures.

It’s likely to be an ongoing battle, however, and IT managers hope that greater awareness of cybersecurity, and indeed the presence of IT executives on company boards, will encourage greater investment into things such as biometric authentication and smart SSO. Despite general optimism towards these technologies, many still believe the use of usernames and passwords will continue in the years ahead.

“For a long time, the biggest battle IT leaders have faced is increasing board awareness around taking the threat of security seriously,” Lasnier concludes. “Now that they have that buy-in, the focus should be on highlighting the importance access management plays in implementing a zero-trust security policy to their executive management. With this in place, risk management professionals will be able to put in place a ‘Protect Everywhere – Trust Nobody’ approach as they expand in the cloud.”

Share42TweetShareShare
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

500M LinkedIn user records sold on hacker forum
News

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

by CyberNews Team
6 April 2021
5

We updated our leak checker database with more than 780,000 email addresses associated with this leak...

Read more
LinkedIn, FB, Twitter, Clubhouse apps seen on an iPhone

Recent Facebook, LinkedIn and Clubhouse leaks explained

15 April 2021
Cheapest tool to kill satellites? A computer

Cheapest tool to kill satellites? A computer

13 April 2021
A gift to criminals and tyrants? Soon, wireless devices could become object sensors

A gift to criminals and tyrants? Soon, wireless devices could become object sensors

13 April 2021
“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

12 April 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best Web Hosting Services
  • Tools
    • Password Generator
    • Personal Data Leak Checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.
Subscribe For Security Tips And CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Our Privacy Policy and Terms & Conditions

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.