Since the dawn of the computer age, a combination of username and password has become the standard way to authenticate identity to log on to a computer or a network.
However, like the swords, spears and shields those long-gone guards relied upon for protection, the password has outlived its usefulness.
The time has come to ditch passwords once and for all because they no longer provide the protection that we require in any increasingly online world. Indeed, passwords can often act against our interests by providing a false sense of security.
There are many reasons why the password is no longer fit for purpose, including the good ones are too hard to remember; we need too many of them; and changing them regularly is a pain. As a result, many people resort to poor password practices to get access to the online resources they need.
To add insult to injury those who do the right thing and pick strong passwords are finding their efforts in vain as hackers are using vast bot-nets to brute force even the best passwords. Basically passwords can no longer be considered secure, no matter how much the “you must pick strong passwords” chant is repeated.
SmartCompany cited evidence of this laxity in a recent article, The 25 worst passwords: “It’s like putting a cheap padlock on your front door”, which listed the 25 most common passwords, compiled from more than 3.3 million leaked passwords during the past year.
The five worst passwords – in order – were 123456; password; 12345; 12345678; and qwerty.
It’s enough to make security managers worldwide put their heads in their hands and weep. Recent events prove it’s no longer possible to rely on passwords to protect confidential information, particularly if you are an enterprise.
Major security breaches during the past year at tier one companies, including eBay and JP Morgan, demonstrate the dire consequences of password dependence. According to a report in the New York Times, hackers were able to steal information about more than 83 million JP Morgan Chase customers after obtaining the credentials of a JP Morgan employee with privileged access to servers containing that customer data.
In a nutshell, the core problem with passwords is that they have passed their use-by date.
The good news is that it does not have to be this way. Like the swords, spears and shields of yore, we can finally retire the password to the dustbin of history because there is a better way.
At Centrify, we say that “identity is the new perimeter.” We enable you to eschew password dependence for securing devices, networks and services by offering Identity Management (IdM) through Identity-as-a-Service (IDaaS) in our Centrify Suite.
Centrify’s 100 percent cloud-based service secures the identity of individual users, who can be aggregated into groups with distinct privileges for accessing resources required to do their jobs. Centrify eliminates the reliance on passwords by providing convenient, quick and easy multi-factor authentication that can be selectively applied to assets and applications.
During the past two years, Centrify has established itself as a global leader in IDaaS by leveraging more than a decade of IdM expertise with enterprise-level Active Directory-based federated identity services. Centrify provides users with the ease and convenience of Single Sign-On while giving administrators a single location from which to add, modify and remove user accounts.
Centrify provides protection not just for corporations – although that is where our value proposition shines brightest. IDaaS from Centrify is both available and affordable for anyone, from an individual or micro-business up to a Fortune 500 company.
The first step towards true online security is to recognize that your password can no longer protect you. The next step is to visit Centrify at www.centrify.com.