Long before the Internet, indeed long before humanity had even discovered electricity (or maybe even fire), there was The Holler.
Hollerin’, also known as yodeling, may have been the world’s first form of identity management. If you were walking across the Alps or central Africa in 5,000 BC, you would announce yourself by singing a warbling tune at the top of your lungs, with your personal melody establishing who you were and what you might want with other people living nearby. It was probably a good way to avoid being speared to death.
Thus, it is perhaps with some unintended irony that we remember that Yahoo – a company that suffered the biggest set of password data breaches in history, with a billion login credentials stolen – leveraged the yodel for its classic, never-to-be-forgotten jingle.
Go ahead, sing it now! No one’s listening. “Yahoooooooooooo.”
The company might have wished it had adopted the original caveman access control technique instead of usernames and passwords.
Passwords Won't Be Here Forever
The Yahoo debacle, however, which in reality could have happened to any large organization, shows that passwords are simply not secure. They cannot enforce access controls to protected online assets the way they are meant to. And with consumers frustrated by this and the many other breaches made public in 2016, it was the final swan song (or yodel?) of the password era.
There are several major security flaws in the traditional username and password pair. For one thing, they’re static. They only change when either the user or the online entity decides they need to be changed. Then, they’re almost always centrally stored. The cache that contains them is effectively painted with a giant “Steal Me” sign. Even if your central store is not breached, a theft from other sources could put your own cache at risk.
Even with encryption, password stores are simply too juicy a target for hackers to resist. Storing passwords means exposing yourself to risk. Theft is almost inevitable, and then you’ll surely be hollerin’.
So what lies beyond the password era? While usernames and passwords may endure for years, many organizations are implementing multifactor authentication (MFA) as a countermeasure to the threat of data breaches and unauthorized access. MFA is a security technique that requires more than one method to authenticate an application user.