Steering the modern enterprise into a password-free era

May 25, 2016
Companies have entered the era of identity and access management solutions

Passwords are vanishing before employers’ eyes – and it’s no hoax. Some companies may be alarmed at the disappearance of passwords, but what they don’t know is that passwords were never all that safe to begin with. In fact, they were more of a longstanding illusion of security.

Passwords started out as six- to eight-letter words and then evolved to include numbers and special characters. Although these developments seemed to be advancements in security measures, they were actually just variations of the same ineffective and high-risk theme.

Many employees became overwhelmed with the number of unique passwords they had to remember, so the need for simple passwords trumped the need for security. People began making their work passwords “123456” or simply “password” to avoid any headaches. Others managed to track their plethora of passwords on sticky notes, spreadsheets or even emails.

As unreliable password tracking methods grew in popularity, the inevitable happened. Passwords were lost, security was compromised, and major data breaches became all too common. According to the Identity Theft Resource Center (ITRC), there were no fewer than 781 U.S. data breaches in 2015, resulting in millions of stolen usernames and passwords. The ITRC even went as far as calling data breaches “the third certainty of life” after death and taxes.

And data breaches can run companies dry. The Ponemon Institute’s 2015 Cost of Data Breach Study found the average total cost of a data breach increased 23 percent over the past two years to $3.79 million.

Companies also risk a data breach with departing employees. Ex-employees, whether they know it or not, pose a huge threat to their former employer’s security. If employers don’t revoke access across all company applications, departing employees using a device that still gives them company access can abuse available data or log into company portals.

In addition to controlling information access for departing employees, companies also need to take into account current employees who are moving laterally or vertically through the organization. When employees change roles, employers need to restrict access to data that was available with their previous role. While no employer wants to assume that their employees have malicious intentions, implementing the necessary precautions is better than a potentially damaging data breach.

Not too long ago, people used just a few applications to do their work. But now, employees are balancing countless on-premises or cloud work applications. Because these applications cater to multiple areas within a company, the number of work applications has grown exponentially. With so many different applications on hand, how can companies ensure that each one of their apps is secure?

Passwords are no longer a match for cybercriminals’ hacking expertise—gone are the days when cybercriminals were just individuals with a personal agenda. The modern cybercriminal is smart, global, well financed, and part of an organized team.

In addition to outsider threats, enterprises also face threats from within. Whether it impacts employees, partners, or contractors, insider threats are very real. With this in mind, modern enterprises are leaving passwords behind and moving towards more advanced security systems. Companies have entered the era of Identity and Access Management (IAM) solutions. These solutions allow organizations to immediately grant information access to the right people and for the right reasons. Many IAM solutions offer secure single sign-on (SSO), multi-factor authentication, integration with external directories such as Active Directory and OpenLDAP, user provisioning and more.

IAM solutions steer the modern enterprise into a password-free era in two fundamental ways. First, they enable users to authenticate into apps based on a secure identity assertion or token sent to the app without any unsecured, cleartext credentials. Second, they provide users with a strong SSO solution that mitigates the risk of password theft. Additions like one-time password (OTP) push to the phone, or Microsoft’s newly developed Authenticator app that leverages Bluetooth technology to unlock the desktop from the phone, can provide a smooth user experience, pair nicely with SSO and complement a strong IAM solution. With these technologies in place, enterprises can offer users in the enterprise or in partner, contractor or channel networks a secure and auditable login process.

Modern enterprises need to manage access, but also do so in a way that’s easy and safe for their employees. By leaving passwords behind and implementing a security system that allows employers to seamlessly control information access across all platforms, companies can enhance protection and keep personal data secure.

About the Author:

David Meyer is Vice President of Product and Online Business of OneLogin, Inc. As a product visionary executive, David Meyer has been building groundbreaking enterprise, cloud and consumer software for 20 years in close collaboration with some of the world’s most demanding brands. As OneLogin’s vice president of products, David drives the direction of the product, working closely with customers to build the future of identity. At OneLogin he is responsible for the product roadmap as well as leadership of the product management and engineering teams. Prior to OneLogin, David co-founded and co-led the education company, UniversityNow. Earlier in his career, he served as senior vice president at SAP leading teams that pioneered cloud software and vice president of product management at BEA Systems, Inc. David began his technology career as one of the first employees at Plumtree Software managing QA, engineering, product management, program management, UX and support while driving collaboration and social software into the Fortune 500.