Raul Presa
Partner, Crowe Argentina
Viewpoints from Crowe
In recent years, the understanding of what makes a password most secure has shifted from the complexity of the password to its length, or passphrases. However, weak passwords continue to be a target of attackers and a common vulnerability in attacks.
The criticality of password security, specifically the use of multi-factor authentication (MFA), has become more of a focus as organizations have supported a more robust remote working capability during the pandemic. Additionally, insurance companies have started demanding that organizations have MFA as a requirement of cybersecurity coverage. Most organizations focus on MFA through smartphone notifications or one-time passcodes (OTP).
Adoption of security controls is always more successful when the impact on users is minimized. Lower-friction authentication solutions help achieve this goal of increasing security without increasing complexity. Innovations in authentication security will continue to push the boundaries of secure authentication, further reducing friction without sacrificing security.
In addition, these innovations will help with the success of zero-trust infrastructures. Organizations leveraging behavioral biometrics report fewer breaches. Leveraging frictionless solutions will help seamlessly authenticate a user when accessing organizational resources, establishing trust at the time resources are being requested.
The frequency and impact of data security incidents will continue to grow until organizations adopt more advanced security controls. Innovation within authentication solutions will be imperative to support future security programs that are resilient in the face of ever-evolving threats.
When it comes to logical security, the password is the go-to method for most organizations, with nearly 90 percent of them relying on it as their primary security mechanism.
Indeed, to varying degrees, most people know that passwords have been, are, and will continue to be a known weakness and a target for anyone looking to breach security. Several factors contribute to this:
The difficulty of maintaining complex passwords for multiple accounts
The lack of a structure to support the maintenance of complex passwords: although many sites or applications require them, it seems that solving this issue is solely the user’s responsibility
The tendency of individuals to minimize risks and avoid the complications associated with using and maintaining complex and unique passwords
To improve this situation, multi-factor authentication combines at least two of the following aspects:
What the individual is (biometric data)
What they know (password)
What they have (physical or logical token)
However, in an era where artificial intelligence (AI) is making tremendous progress, how long will it be before biometric authentication factors can no longer be trusted?
It's important to remember that, despite the progress in AI and other technologies, we are still far from eliminating passwords. Therefore, it's crucial to incorporate “what the individual has” into the authentication mechanisms. Equally important is maintaining a high level of individual awareness of security issues, ensuring that authentication efforts cover the entire organization, and having robust internal controls in place for when technology inevitably fails.