Cybersecurity

The death of passwords

Tagged: Passwords MFA SSO

This topic contains 2 replies, has 3 voices, and was last updated by nmaida 8 months, 1 week ago.

Creator

Topic
2018-07-17 at 15:35 #43220

shalendra23
Participant

In 2004, Bill Gates predicted the death of passwords

Interested to find out your opinions on the relative need for the conventional password, both for secure server and network infrastructure and for the end users of a company?

Considering the alternatives

MFA and SSO
Multi-Factor Authentication for their networks and employees.

Single Sign-On has become more important with the rise of cloud computing and the need to access business applications from multiple devices, it is a definite security risk. The system will generate a random and temporary code that will be sent to you by SMS every time you try to log in
Creator

Topic

Author

Replies
2018-07-17 at 21:45 #43229

claytonm
Participant

The use of passwords creates a level of risk that will eventually become intolerable. Users are challenged with remembering passwords and they employ tactics that render it fairly insecure. Other authentication methods like facial recognition, finger print, etc. will soon replace the troublesome password.
2018-07-18 at 08:26 #43231

nmaida
Moderator

Conventional password methods can be compromised easily by guessing (usually gaining information about the target), using a brute-force attack (trial-and-error method), and/or a dictionary attack (using known words and phrases), along with other non-conventional methods. Multi-Factor Authentication (MFA) like you had mentioned, is a greater alternative to the generic username and password method. Many companies give the end-users and their employees the ability to enable MFA to better secure the information they are protecting. MFA adds to the generic password method by adding a second layer of security of either something you have (random generated token, physical access card, etc.) and/or something you are (fingerprint, facial features or eyes, etc.). Its important to know that MFA does not provide full security and still can be compromised. Same goes with single sign-on method as you had mentioned. So I would say rather than seeing the end of passwords, we are seeing a more layered approach of security to the generic method of a single password.
Author

Replies

You must be logged in to reply to this topic.

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Report - JFAC/DAU/CSIAC Cyber Experiment (CYBEX)

This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX). In addition to evaluating newly developed SwA guides for program managers and developers, the exchange included addressing/bringing back foundational software/system engineering concepts to address root of fundamental SwA issues as well as adopting common language in the areas of functionality and risk in order to identify issues early.

Read the Report

CSIAC Report - Emerging Developments in Cyberlaw: 2019

CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of emerging developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as consumer privacy rights, forensic border search of computers, search consent, biometrics, expectations of privacy from cloud providers, and cyber insurance.

View the Slides

CSIAC Journal - Launching Innovation Through Medical Modeling and Simulation Technologies

This Special Edition of the Journal will provide a glimpse into current efforts to improve military medical training with simulation-based solutions.

Read the Journal