Share this article on:
Passwords have undergone an evolution in recent years and with good reason.
The tendency for password recycling, as well as the unending possibilities for password theft, have rendered conventional passwords ineffective for the needs of today’s business environment.
In its place, other alternatives like one-time passwords (OTPs), two-factor authentication (2FA), multifactor authentication (MFA), and even biometric authentication methods have emerged. Yet, when even facial recognition or fingerprint-based authentication has proven fallible, the reality businesses must reckon with is that these methods alone simply will not suffice as the last line of defence against malicious cyber actors.
Instead, the risks present today necessitate a multi-pronged approach to securing identities and, by extension, businesses. A passwordless approach affords IT teams better control over the organisation’s overall identity management strategy by eliminating compromised passwords as a vulnerability. Using device or security keys also improves employees’ convenience while reducing IT complexities. However, in an age of quickly advancing artificial intelligence (AI)-based cyber attacks, where publicly available biometric information can be used to launch attacks, a passwordless approach on its own is not a guarantee.
Instead, passwordless authentication methods should be integrated with intelligent and automated identity management solutions that boost security for businesses by ensuring the right level of access is being allocated to the right users via a single digital identity. After all, the crux of the matter is that while passwords can be a gateway that is exploited, malicious actors often weasel their way through business systems that do not have privileged access practices.
This is especially critical today, given that organisations are more reliant than ever on third-party vendors and non-employees for contingency labour. By controlling the level of access that employees and non-employees alike have, businesses can then nip illegitimate attempts to access privileged information or systems in the bud — having visibility across their organisation and, therefore, first knowledge of irregular activity.
Ultimately, businesses are set to manage an explosive growth in digital identities, catalysed by increasing reliance on the internet of things (IoT) and robotic process automation (RPA) technologies, as well as growing digital work environments. With that, moving towards a passwordless future is just one piece of the puzzle.
For businesses to truly shore up their overall cyber security postures and prevent password-related threats, it will be crucial to incorporate identity management into the mix.
Chern-Yue Boey is the senior vice-president, Asia-Pacific region, for SailPoint.