The most recent security baseline report from Microsoft has been making waves in the world of digital security. Experts at Microsoft asset that password-based authentication represents a basic risk to networks. “There’s no question that the state of password security is problematic and has been for a long time,” reads the post. “When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them.”
PASSWORDS AND THE HUMAN FACTOR
Echoing what many Octopus Blog posts have been writing for years, Microsoft unpacks why passwords are, and have been, undermining authentication security: The human factor will forever keep passwords fundamentally weak.
Recognizing the vulnerabilities of passwords, Microsoft decided to make its password policy more lenient.
For years, Microsoft’s security configurations for the latest Windows version included password expiration policies. However, regularly changing passwords does not make any given password more durable: “Periodic password expiration is a defense only against the probability that a password […] will be stolen during its validity interval.” During that period when a password is compromised, “no password expiration policy will help you.” Furthermore, enforcing an expiration policy is logistically challenging and does not guarantee an increase in overall security: “When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords.” Thus, Microsoft no longer offers password expiration policies.
The Secret Double Octopus team is delighted that Microsoft agrees with our mission – passwords are inefficient, expensive, time-consuming, and archaic. They rely too heavily on humans, who tend to forget, expose, or otherwise share credentials unintentionally.
THE END OF PASSWORDS
Many in the industry believed they could ‘solve’ the password problem. Some experts developed elaborate schemes to understand – and shift – the psychology of choosing (weak) passwords. Others have sought to enforce requirements for password strength. Unfortunately, the many attempts at correcting the issue have all proved futile. Weak passwords have consistently been the greatest cause of data breaches.
Passwords are also growing obsolete due to technological advances. Rudimentary hacking tools easily allow cybercriminals to crack relatively complex passwords within hours, and emerging technologies such as quantum computing will inevitably alter the most basic elements of our digital space, including encryption.
In addition to being unreliable, passwords are a pain for enterprises and their IT teams.
Security and usability have always had an inverse relationship: Consider a network with zero access restrictions. For the users, such a system is a breeze to interact with and easily hacked. Conversely, excessive authentication measures may make hacks difficult for cybercriminals, yet they make the platform exceedingly difficult to use. For an enterprise, this dilemma isn’t trivial.
THE BEST OF BOTH WORLDS
The technology of Secret Double Octopus allows companies to completely circumvent this digital catch-22.
The passwordless Octopus Authenticator prevents all of the major hacking techniques plaguing networks today, including phishing, brute force hacks, social engineering ploys, Rainbow Table attacks, and keylogger malware.
Octopus technology also allows users to forget about all their passwords and credential sets: Using the high assurance cryptographic device nearly everyone owns today — such as the smartphone —users can activate authentication with simplicity and ease.
Secret Double Octopus represents the digital authentication of the future — guaranteeing the very highest in assurance and the best user experience.