Search Our Site

We have 3,561,904 registered online learners.
216 new learners so far today.

How is modern business security moving beyond passwords?

schedule 16th February 2018 by Hayley Tillotson in Virtual College

Username and password

Passwords are a staple of corporate cyber security, but they have flaws that many companies are now looking to new technology to move beyond.

Our accounts have been protected by a combination of letters, numbers and special characters since pretty much forever.

However, many within the cyber security sector are calling time on the humble password in light of recent high-profile cyber attacks and the arrival of more secure approaches.

What's actually wrong with passwords?

Chances are you’re reading this article on a device that required some sort of password or character combination to gain access; be it a laptop, tablet or smartphone.

You probably use this device every day, or at least several times a week, but what about accounts you don’t use so often? Many of us would struggle to remember the password for those accounts at a moment’s notice.

The majority of people get around this by adopting one of two approaches. Either they use the same password for every online account (a humongous no-no in the eyes of cyber security professionals) or they have a different password for each account.

Considering the average person has 19 passwords (research suggests), going for the latter method can often require resetting the password to gain access - something that can be time-consuming and frustrating, not only for the user but also the IT departments that have to spend hundreds of hours every year handling passwords issues or the effects of them.

In 2018, passwords are far from perfect and computer scientist Joel Lee did a great job at outlining why.

In his article for MakeUseOf.com, Mr Lee explained how passwords may have served us well in the past, but their ‘all or nothing’ nature just isn’t fit for the future and once a password falls into the wrong hands, then it’s game over.

“Passwords are intangible, they can be compromised by knowledge alone,” he writes.

“In essence, password protection is security through obscurity, a security practice that’s universally lambasted as weak and ineffective.”

Imagine your computer being protected by a padlock on a storage container unit. If someone has the key or even some bolt cutters, they’re free to help themselves to whatever’s inside.

What might replace passwords?

Who said passwords have to be replaced at all? They might not be up to scratch, but that doesn’t mean passwords are entirely useless and should be forever consigned to the history books.

Two-factor authentication means passwords can still play a vital role in online security. By being combined with a security question or other form of identification - for example, texting a code to the user’s mobile phone - they can used to be double-down security.

Meanwhile, the latest mobile phone models can be unlocked with just our face or fingerprint.

Elsewhere, Google announced in the middle of 2016 that it would kill off passwords by the end of the year (maybe a tad optimistic, considering it’s now 2018 and they’re still very much a thing).

Let’s not be snarky though, because the internet giant’s idea seems to have legs. Rather than replace passwords with one super-secure solution, it hopes to mix together many weaker indicators into one solid piece of evidence that leaves no doubt that the user is who they say they are.

Qualities such as face shape and voice pattern, as well as some less obvious traits like how you move, how you type and how you swipe on the screen, are all assessed by the system. The idea is being trialled with “several very large financial institutions”.

Microsoft hasn’t been dragging its heels on devising a new solution either. Its Windows 10 operating system came with the biometric-based Hello function, which looks at the user’s fingerprints, irises and facial features, such as the distance between the eyes, the width of the nose or the shape of the jaw.

How behavioural change can be the best security upgrade of all

As you’ll know by this point, passwords aren’t ‘passed it’ and they’ll probably be widely used 50 years from now. So the most effective security upgrade available lies with the user themselves and how we handle our passwords.

It has been said countless times, but having a secure password that can’t be easily guessed is essential. If you don’t have one already, pick an object, place, colour, number or whatever and combine two of them with the odd capital letter, number and hyphen or pound sign and memorise it.

Passwords aren’t necessarily the problem; it’s how we treat them, and changing our behaviour could stretch the relevant lifespan of passwords for some time yet.


Related resources

virtual-college-logo

Author: Hayley Tillotson

Hayley is a content writer in the marketing team at Virtual College. She has a degree in Journalism and writes articles, blog posts and guides on a variety of topics relating to the e-learning industry. In her spare time she enjoys swimming, reading and creative writing projects.

CPD
investors-in-people-silver
ISO 9001:2015
bcs-accredited-training-partner
Crown Commercial Service Supplier
LPI Accredited Learning Technologies Provider

Contact

+44 (0)1943 605 976

Virtual College

Marsel House

Ilkley

West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.

Login

We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.

LMS

You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.