With World Password Day looming on 5th May, Michael McKinnon, CIO of Tesserent, Australia’s largest ASX-listed cybersecurity company, warns Australian businesses to strengthen their defences and not just rely on passwords, given the heightened risk of cyber-attacks not just from Russia but also from attackers in other parts of the world.
Why are passwords no longer enough?
“With cyber-attacks at an all-time high, it is critical that Aussie businesses do not rely solely upon passwords for data protection. Strong and unique passwords are critical, but must be accompanied by identity platforms that offer multi-factor authentication or biometrics. Never underestimate the ability for threat actors to easily steal and crack passwords,” he warns.
Tesserent, through its Innovation Division, acquired a stake in Daltrey, whose biometric technology enables an organisation’s users to prove who they are quickly and securely, in both digital and physical scenarios, without the need for passwords or swipe cards.
“With global cybersecurity challenges constantly evolving, passwords as a sole protector are no longer enough, and haven’t been for a while. If your business doesn’t do more, then you’re already well behind the curve and at significant risk,” Michael further commented.
The concept of using passwords is not new. People have been using passwords for thousands of years. But in today’s world where correctly authenticating a user can carry critical importance, a password, without any other form of authentication, is not enough. Additional protections like identity platforms and multi-factor authentication are must-haves.
How can companies set up their security protocols?
Michael says that most firms still rely on outdated policies like asking staff to update passwords often, which has proven to make life harder for users and even weaken security.
Back in 2003, engineer Bill Burr of the National Institute of Standards and Technology (NIST) created many of the password rules, and he now regrets the guidelines he wrote. However, passwords still have a place as firms transition to other tools for validating identity.
Michael stresses the best approach is to look for authentication tools that are easy to use and proven to strengthen security. “Facial and fingerprint recognition on smartphones proves it’s possible to create strong but simple ways to prove your identity,” Michael said.
“These can work alongside passwords, allowing firms to transition to new authentication tools and methods. One-time password generators, biometrics and multi-factor authentication are all mature technologies that rely on established standards that can be leveraged by organisations to protect their valuable information assets,” Michael concluded.