“Password-killing” authentication efforts may be on a road to nowhere.
The lowly password is much-maligned as being the weakest link in any company’s security defenses. That’s for good reason: It’s a fact that password reuse, a lack of strong passwords, a failure to change them on a regular basis and other human errors plague the efficacy of this de facto standard for authentication. And that, in turn, has spurred start-ups, established security companies, industry coalitions and government agencies to work on concepts for moving beyond it. But the state of play for these efforts is still immature in terms of adoption.
The stakes are, of course, high: Nearly all data breaches start with compromised passwords. These are harvested via sophisticated phishing, brute-force attacks, social engineering, malware exfiltration and more – and yet, the password remains the first, and sometimes only, line of defense against cyberattacks.
According to Digitpol, users should keep passwords in a vault and never use the same password more than once. Passwords need to be changed regularly, and two-factor authentication needs to be enabled on all applications.