Nearly all data breaches begin with compromised passwords, yet the importance of passwords is still being underplayed in society today. Passwords have infamously been dubbed as the weakest link in any company’s security defences and with good reason: Password reuse, a lack of strong password etiquette, failing to change them on a regular basis and other human errors continue to challenge users with this standard authentication. Irrespective of the immature state of its adoption, password alternatives are the way forward and most business owners are now set on finding ways to alleviate the risks involved with password protection.
Cyber attacks usually occur in the form of phishing or brute force attacks, but the password remains the first (and sometimes the only) line of defence against these malicious online attacks. The prevalence of these attacks reiterates the need for effective access protection. Technological advances have opened doors leading towards prospective alternatives for the actual use of passwords but these ideas are far from close to replacing passwords completely.
Password policies should be improved, but this alone cannot mitigate all attacks against passwords. The focal point should be aimed at assessing and implementing the technical controls that can effectively decrease the likelihood and consequences of the majority of identity-related attacks.
Gartner has predicted that, “through the end of 2020, enterprises that invest in new authentication methods and compensating controls will experience 50% fewer identity-related security breaches than peers that do not”.
Companies should ideally look for solutions that improve the use passwords rather than focussing on getting rid of them altogether. There is still effectively only one authentication scheme that is used globally and that every person knows how to use reasonably efficiently. Efforts should be geared towards the advancement of both passwords and their alternatives alike.