Intelligent CIO Europe Issue 42 | Page 45

FEATURE: PASSWORDLESS FUTURE
He said: “It’s important for organisations to think about how passwords and other credentials are stored in IT automation systems like Infrastructure as Code and container build files.”
In Haynes’s experience, machines as well as people have often exposed credentials, causing security compromises. “The same level of attention, therefore, should apply to how passwords and secrets are managed by our processes, instead of just by our people,” he said. “The risks are similar and the results of exposure can be just as serious.”
Haynes said a secret management tool – similar to a password manager – can help organisations combat threats, while also performing routine scans of infrastructure.
Buying our time with better passwords
If passwords are at the root of many security challenges, when can we give them up? F5’s Global Head of AI, Shuman Ghosemajumder, asked that exact question. He believes passwords are “inconvenient and create numerous security vulnerabilities”. So why can’t we just replace them?
“The short answer is: there’s not a better method – yet,” said Ghosemajumder. “Companies are beholden to their users and while most users claim to value security over convenience, their actions speak otherwise. Even when users’ accounts are taken over, fewer than one out of 10 will adopt MFA because of the associated complexity and friction.”
According to Ghosemajumder, we’ll replace passwords when we find a solution that matches their usability, security and deployability. He also said we may find future hope in invisible MFA, which requires factors invisible to the user. But this will not replace passwords yet.
“In the interim, businesses should outlast attackers by denying them their most precious resource: time,” Ghosemajumder said.
“If an organisation can significantly increase the time it takes criminals to monetise their attacks, most cybercriminals will abandon the pursuit in favour of weaker targets. Businesses must upgrade password security methods to something secure like bcrypt to slow attackers down before even launching an attack.”
Mark Belgrove, Head of Cyber Consultancy at Exponential-e
While some have suggested the security industry needs to move on from passwords, it’s clear they are still a crucial ingredient in the security pie.
Part of that mixture must be filled by MFA, according to Higgins and Belgrove. IT teams must also seek to verify both human and the increasing number of automated accounts operating on our networks.
Cybercrime is a business, Ghosemajumder added as a parting note.
“Attacks are organised based on a predictable rate of return and until a better method is developed to replace passwords, the most effective preventative measures organisations can put in place are ones that slow attackers down.”