Unusual Gathering | Episode XXV
Conversations At The Intersection Of IT Security And Society

Guests:
Stina Ehrensvard | Joseph Carson

Hosts:
Sean Martin | Marco Ciappelli

This episode:
It’s a password-less future. Or is it?

Passwords were supposed to be dead 15-20 years ago.
But, hey, here we are still talking about them.
Why?
To begin to answer this question, let’s start with why we are using passwords and what is seriously wrong with them.

Once upon a time, security for computers was a physical key to access the machine in the room. Soon, however, we had to authenticate the user to access what was on the machine, not just the machine itself, so we started with passwords. This wasn’t much of an issue until computers got connected to the Internet and we needed to manage multiple accounts to access multiple things.

Today, depending on what part of the world you live in, you likely have between 20 and 90 accounts that require a password. With that many, it has become hard to remember, keep track of, and manage them all, and user behavior surrounding this challenge has made it pretty easy for bad actors to make their way in. It’s not that hard to guess (or even crack) someone’s password.

Now that technology is available such that reasonable alternatives can be employed, the question remains — and warrants asking yet again: Is there still a role for passwords in the future?

Given that roughly 80% of breaches today — such as phishing attacks and man-in-the-middle attacks — are due to a compromised password, one has to hope that there is a future where these types of compromises don’t happen at that scale. Only by introducing a multi-factor authentication system to supplement that password model have we been able to protect the user from malicious actors looking to capitalize on stolen or otherwise compromised account credentials.

This begs the next question: Is the future of authentication taking into consideration the growing complexity of devices and real-time, anywhere functionality that has become an intrinsic and fundamental part of the digital ecosystem and data-driven society? Do passwords have a place at the table in this world?

It pretty much boils down to whether or not we continue to augment passwords with additional technologies and processes versus replacing passwords altogether. The challenge with a full replacement is that passwords are relatively cheap to implement from a tech perspective, they are fairly easy to use from a user perspective (just use the same one for everything, right?), and they are replaceable — unlike our biometric authentication options of fingerprints, retina scans and voice recognition methods.

Ultimately, it will probably be a multi-factor authentication world. But if passwords do remain, what is their role going to be? Have we abused the password as a system by applying it everywhere with not enough consideration of the possible negative consequences of this practice, even when paired with a second or multi-factor strategy?

From an individual/societal perspective, the example of cars and seatbelt safety is a fantastic metaphor that holds very true to this scenario from a psychological perspective. Can this same stars-aligning moment happen for access control, authentication and passwords?