Passwords. Why are 6 or 8 or 14 characters (if you're really making an effort) such an issue? For starters, because the password dates back to the dawn of computing. Create one secure, easy-to-remember password during the dawn of computing in 1960? No problem. Fast forward to 2014, where applications, web sites and connected devices have exploded and you have to create 10, 20 or even more secure, easy-to-remember passwords? Good luck. The ever-growing data-breach statistics highlight the primary challenge with this approach: human weakness.
We all know that good identity security starts with users making smart decisions about how they safeguard sensitive information such as usernames and passwords. We also know that people get lazy, especially when they have to memorize multiple, complex passwords. This inevitable 'human weakness' therefore translates into a system that is no longer usable or secure (if it ever was).
While usernames and passwords may never completely die, our ability to relegate them to a lesser role in authentication (and even eliminate them) is finally reaching a tipping point with mass smartphone adoption. Consider the many options readily available for either augmenting or eliminating passwords with additional layers of authentication security.
Take a look at this infographic, Password, Your Days are Numbered, to see just how big the password problem is and what we can do to move beyond the password for a simpler and more secure identity solution.
Want to embrace a post-password world, but don't know where to start? Here are three straightforward places to begin:
Consolidate authentication as a separate service
Enable single sign-on (SSO) for your apps so they can take advantage of consolidated authentication
Replace passwords with a strong authentication service