Editor’s Note: Welcome to our weekly Reality Check column where C-level executives and advisory firms from across the mobile industry share unique insights and experiences.
Everywhere we turn, security experts, news anchors and consumers are telling us how vulnerable our passwords are. I’ve read dozens of articles in the last month alone containing tips on how to protect my password, tips for proper password hygiene and data showing the most widely used passwords.
The definition of insanity is doing the same thing over and over and expecting a different result, so why are we so stuck on using passwords for authentication?
Traditional passwords – even those containing numbers, letters, both uppercase and lowercase, and symbols – are just not good enough anymore. Hackers, like those who attacked LivingSocial and Twitter, are actively trying to gain access to passwords that are stored on company servers. And while there are people who are spending an inordinate amount of time trying to gain access to our passwords, the consumerization of IT means that people are just handing their passwords out. As people constantly take care of both personal and company tasks on the run, they are entering sensitive information, namely passwords, into laptops and mobile devices in plain sight. Anyone can glance over as you enter your password, and how would you know? You were too busy staring at the screen to make sure you were typing it in correctly.
Ironically, the industry has known about the problems with passwords even before the explosion of the Internet. Dual-factor authentication, or multi-factor authentication (MFA), in which users need something physical combined with something committed to memory, a password, in order to gain access, has been around for decades. One of the most common examples of this is your ATM card and PIN number. One is useless without the other, adding an extra layer of security.
Now that biometrics is becoming more commonplace, as opposed to sci-fi-only, MFA is becoming easier to implement and more secure. Now, MFA includes a physical item, like a smartcard, something committed to memory, a password, and something that is solely yours, a fingerprint or other biometric piece of information.
Apple’s recent announcement of iTouch was a step in the right direction, but again, the company is leaving biometrics as the only method of authentication instead of pairing it with a password. Although government agencies are using more secure methods of authentication, I am excited to see when enterprises begin demanding MFA in order to better protect their and their customers’ data.
Tom Kemp is co-founder and CEO of Centrify Corporation, a software and cloud security provider that delivers solutions that centrally control, secure and audit access to on-premise and cloud-based systems, applications and devices. Under his leadership, Centrify has become one of the fastest growing security vendors in the industry and has amassed over 4,500 customers, including nearly 50% of the Fortune 50. Prior to Centrify, Kemp held various executive, technical and marketing roles at NetIQ Corporation, Compuware Corporation, EcoSystems Software and Oracle Corporation. Mr. Kemp was also an Entrepreneur in Residence at Mayfield, a leading venture capital firm. He is an avid blogger on both the Centrify website and for Forbes.com. He holds a Bachelor of Science degree in computer science and in history from the University of Michigan.