How many times have you forgotten one of your many passwords for a cooking website, Netflix login, email, newsletter or your fantasy football league? If you’re like most people, you’ve forgotten a few so far this year. Maybe you use the same or a nearly identical password for some of those services. Sometimes it’s as simple as “12345” and other times it can be “JohnDoeNetflix” and “JohnDoeGmail.” Today, we face a password problem — and it’s big. Not only do we struggle to remember many different passwords, but we also create unnecessary vulnerabilities when we use simple or similar passwords. Sometimes a user who doesn’t value creating a secure password can take down the most robust system.
Problem Solving by Applying Knowledge
CSO’s Michael Santarcangelo created one of the best lists for understanding the problems that passwords create and what we need in place to solve them. His criteria for a password system are as follows:
- Allows for strong assurance
- Is easy to protect
- Is simple to use and implement
- Uses strong passwords
- Supports appropriate controls for identity proofing
The criteria can serve as a quick checklist for your cloud partners to help you understand how they feel about security, and where passwords will be useful or a security burden. You may want to look into or suggest options that address some of these factors for your password service. A few options that can touch on more than one item on the list include:
- Custom security question options that move beyond the typical “where did you grow up” or “what was your high school mascot?”
- Security checks that have background-verification information, such as a previous home address
- Two-factor authentication if you provide a device
- A password reset request that triggers notifications on multiple fronts to catch unauthorized access
New Cases: Biometrics
What’s next in password protection will likely be in biometrics. Retinal scans, face recognition and fingerprint scans are slowly moving from the big screen to the screens we carry in our pockets. These systems are new and interesting, but so far they’ve been hit or miss. Top players like iOS and Android recommend using all available fingerprint scan slots on the same finger, so the device can easily read it and unlock. Windows 10 can use cameras and other sensors to scan the user and create a security profile based on biometrics. It’s a great idea, but it’s beyond the capabilities of most Windows 10 hardware. Search for Windows Hello, and you’ll find articles and forum posts noting that the option isn’t there because the platform isn’t powerful enough, even if it’s a PC sold in 2016. Soon, though, we can expect biometrics to arrive and start replacing many initial authentications, likely alongside passwords. That will be a new milestone, and it’ll come with new technology demands for processing speed in the cloud as systems need to keep, maintain, match and verify both current scans and those on file. The biometric future simply isn’t available for most enterprises or even most devices. Today, we still need to contend with smart solutions that focus on identity management.
Identity Management Is Paramount
Optimal Federation & Identity Services aims to address the concerns over passwords by providing a federated identity management solution that starts working right away. We push past the traditional password and layer on Windows Integrated Authentication, single sign-on (SSO) support for multiple applications and specialized authentications such as the Department of Defense Common Access Card (CAC) paradigm. With everything placed under an SSO with multiple checks, your users have seamless access to their cloud and on-premises applications, and you have a tool that properly protects your solutions. Application administrators can define roles and create rules for access and restrictions, with the authentication you desire for each step. We believe that, fundamentally, proper identity management requires collaboration on the part of everyone from the user to the third-party vendor. Controlling access and providing the right restrictions require a blend of data and people intelligence. By giving our customers a single source of “truth” for identifying people, devices, logins and more, we hope to enable every company to understand the data risks passwords pose and find tech-savvy methods of closing those gaps.