Published on SC Media on May 23 2017, by Raz Rafaeli
Passwords will start to pass away: For years, security experts have slammed passwords, and in its annual prediction of trends, KPMG has declared 2017 the year that passwords finally start to go away. As the report makes clear:
“The security and the business community are starting to realize that they need a more sophisticated approach to authenticating people and their actions.”
To make single-factor authentication work, users need to do a lot of work – like coming up with long, complicated passwords and changing them frequently.
That’s difficult for most people, and the alternative that many companies, including Google and Facebook, have come to rely upon – a two-factor authentication system with text messages as the second authenticator – is far from safe, NIST says. In its draft proposal, NIST recommends moving away from SMS as an authentication method, because messages are too easy to hack.
SMS “doesn’t have the strength of device authentication mechanisms inherent in the other authenticators allowable” in NIST standards, according to the agency. For more information, just ask DeRay Mckesson – the Black Lives Matter activist who, thanks to the security faults in 2FA, ended up “endorsing” Donald Trump for President, much to his chagrin.
Instead, industry experts predict that authentication is headed towards push notifications. According to a recent Gartner report, 50 percent of enterprises using mobile authentication will adopt out-of-band (OOB) mobile push as a mainstay of authentication by 2020, compared to just the 10 percent who are using it today. NIST confirms this, saying that push authentication is among the most secure methods of authentication available today.