Technology has helped organizations adapt to rapidly changing economic and political situations over the last few years, including when the COVID-19 pandemic forced offices to close. While IT professionals are thankful for new and emerging technologies that help their businesses meet those challenges head on, they come with another set of issues: more passwords to manage.
While companies like Microsoft and Google are using World Password Day to encourage organizations to move toward more passwordless solutions and different forms of authentication, passwords are still very much a part of the IT infrastructure at most organizations.
According to a recent IDC study commissioned by password manager LastPass, 83% of security breaches leveraged an identity-related compromise, such as phishing, suggesting a clear need for better identity and access management solutions.
The study found that balancing security requirements and user experience for employees is the top identity challenge for IT professionals, followed closely by employees struggling with too many passwords at 32%.
“This really speaks to the prevalence and just how pervasive password problems really are in organizations,” says Katie Petrillo, director of product marketing at LastPass, in an interview with TechDecisions.
According to Petrillo, the study indicates that these password and identity challenges are not new at all, but have been heightened due to the pandemic and rise of cyberattacks targeting user credentials.
Petrillo acknowledges that passwords are “one of the oldest aspects of the internet and super outdated,” but the fact is that they remain the center of attention when it comes to account security.
“They seem mundane and antiquated, but we’re having so much conversation around them still, and needing to solve for them,” Petrillo says.
IT giants such as Google, Microsoft, Apple and others have been pushing passwordless solutions, and Petrillo acknowledges that day may indeed come at some point down the road, but not overnight, due to the sheer number of passwords and the massive overhaul of IT architecture that such a drastic shift would involve.
Another study, this one from password manager provider Bitwarden, finds that 85% of Americans reuse passwords across multiple sites, and about half rely on their memory alone to manage passwords.
Even more alarming is the study’s finding that just 32% of Americans are required to use a password at work.
According to Gary Orenstein, chief customer officer at Bitwarden, the proliferation of the cloud, software-as-a-service (SaaS) and single sign-on (SSO) are all key reasons. However, passwords have still not gone away, and they won’t for a while.
“But sort of in the midst of all that, there was a little bit of forgetting that we have to start from square one, which is how do we help people with generating a strong and unique password? There’s still a wide range of things beyond the world of SSO—everything from the office Wi-Fi password to some service that may not be SSO enabled,” Orenstein says.
While tech giants are paving the way for more passwordless experiences, Orenstein says password managers can still play a part.
“I live a virtually passwordless life today with how I use Bitwarden,” Orenstein says. “I log in with biometrics if I need to go to a new website and log in Bitwarden and have it generate a strong and unique password for me. I’m auto-filling my passwords, not typing them in anywhere because Bitwarden does all the auto-filling.”
Orenstein points to emerging standards such as FIDO2, which Bitwarden actually supports as a passwordless authentication capability.
Other methods such as security keys and biometrics can be integrated with existing identity solutions from SSO providers to become part of the solution that gets organizations to a passwordless environment, he says.
“I think there is a merging,” Orenstein says.