Who is Next? What the Latest High-Profile Security Breaches Should Tell Us About Passwords

We previously posted a blog looking at the recent spate of high-profile hacks, and posed the question, “Are celebrities any worse at choosing their passwords, or are we all as bad as each other?” The question now seems to be “Who’s next?”

The recent iCloud hacks proved that we are all at risk of a security breach, whether we are a celebrity, part of a large or small organization, or simply a consumer using an online service or application. In reality, the question should not be “Who’s next?” Instead, our main considerations should be “How do we learn from this?”, “How do we ensure that history doesn’t repeat itself?” and “How do we avoid becoming tomorrow’s headline?”

There is no definitive means of securing sensitive data, and the burden of protecting personal information seems to be a challenging issue resting on the shoulders of many. Password protection has been the common and most obvious model of security and data protection for many years, but it also appears to be one of the most frustrating.

According to Centrify research published last month, passwords are becoming the bane of our lives. The survey of 1,000 UK consumers revealed that forgetting a password for an online account is more annoying than misplacing keys, a mobile phone battery dying, or getting spam email. Only a computer program crashing or freezing while sending email is more annoying.

People’s frustrations have now reached unprecedented levels, as we constantly struggle to manage multiple passwords. According to the survey, over a quarter of us now enter a password online more than 10 times a day – that could be as much as 4,000 times a year. We’re told not to write them down or use the same one, so it’s becoming increasingly difficult to stay in control of our passwords and remember them all.

With nearly half (42 percent) of us creating at least one new online account profile every week – more than 50 a year – the problem with password management will get even worse. Our survey also highlighted that the majority have little faith in password security, with just 15 percent believing their passwords are “very secure.”

So, what’s the solution? Use a single mechanism for identifying who you are online. Without question we need a better way of being able to convey our identity to a server. A solution such as Single (or “zero”) Sign-On (SSO) will permit a user to enter one name and password in order to access multiple applications. The process eliminates ongoing prompts for passwords and login credentials as different applications are accessed.

SSO simplifies the end user experience and enhances IT security and control. Users have to remember only one username and password to access all of their applications, whether those applications are in the cloud or on-premises, and whether they are accessed from a laptop, workstation or mobile device, wherever the user may be.

Whether it’s unified identity management, SSO or multi-factor authentication, the recent high-profile breaches highlight the need for a radical new approach to security. There are more reliable means of securing our data than depending on passwords alone, and it’s time we started using them.