Are passwords really on their way out?

By Lloyd McCoy, manager

If you don’t have a few passwords swirling around in your head, you’re likely not living a digital life. Passwords have been the default entry to computers and devices for decades. As soon as it became possible for multiple users to have access to the same computer system, so too was the need for some form of identity authentication.

Today, the prevalence of internet banking, personally identifiable information and corporate records stored online have made passwords a prime vector for cyberattacks.

Why are passwords so attractive? One word: convenience.

Studies have shown that most breaches were due to weak or easily guessed passwords. While organizations and individuals can enforce password strength standards, people will still recycle the same passwords for various applications, keep their passwords in unsecured locations or make their passwords susceptible to social engineering. Expediency gets in the way of security. According to a recent report, part of the issue lies with the fact that millennials, who are growing up to be more tech-savvy than the rest of us, will soon become the largest segment of the workforce, and ironically, are less concerned about cyber hygiene. Instead, they’re opting for convenience.

Yet, due to the constant barrage of devastating cyber breaches over the last decade, we see a growing acceptance for alternatives to passwords, or at least not solely relying on them. For several years now, the Department of Defense has sought to get rid of passwords, improving overall network access security without making the authorization process more difficult for authorized users. Many of the largest private firms in the world, like Google and Microsoft, have poured resources into technologies and best practices that move us away from what has become an outdated and deficient approach to security.

What was once a mature market has become dynamic again

More and more organizations and individuals recognize that we need to strengthen authentication. The use of cryptographic “smart” cards, security tokens and development of biometrics has not meant the death knell for passwords but there has been a sea change. Multi-factor authentication (MFA) doesn’t necessarily eliminate the need for passwords but increasingly, it is no longer the lone sentry to networks and applications.

According to IDC, the Identity and Access Management market in North America will reach nearly $4 billion this year, growing at near double digits rates. This growth is primarily due to organizations seeking to replace password-centric approaches with more advanced authentication. In fact, legacy authentication, like passwords, now account for only 4 percent of global identity and access management spending!

The identity and access management space will continue thriving given that there are far too many organizations, devices and individuals still reliant on passwords. For identity and access management vendors, it’s important to remember though that one size doesn’t fit all. To repeat another often used adage, you should know your customer. Customer size, vertical market and regulatory environment factor heavily in how receptive they are to not just moving away from passwords but to the kinds of authentication regimes they require. The rise in mobility, off-premise computing and connected things bring with it both a greater need than ever before for expanded authentication but also more alternatives to relying solely on passwords.

This blog post originally appeared in the Arrow ECS e-magazine.

Want to learn strategies for capturing more public sector business? Reserve your seat for the upcoming Fundamentals of Selling IT to the Federal Government on April 19 in McLean, Va.