Today is World Password Day, a day of awareness created primarily by security vendors to remind consumers and businesses to maintain better password hygiene and reinforce better digital security practices in general. While the intention of this campaign is noble enough, the purpose of it already seems antiquated. As I wrote in today's edition of SC Magazine:
It's time for passwords to fade away as our primary means of authentication – I believe that the idea of using passwords to access your accounts will soon seem as antiquated as waiting in line at the bank to withdraw cash from a teller. After all, passwords are static – they only change when either the user or the online provider decides they need to be changed. We need something more dynamic, that can adapt to the risk in a given situation.
Consumers aren't very good at creating and remembering robust passwords. And even if they employ a web-based password management application, they risk exposing all of their most important credentials to a centralized system that is inherently vulnerable to hackers. For brands with consumer facing applications, passwords are also a major headache. They represent a risk both to their business from both a financial perspective as well as a frustrating user experience for their customers. Which is why we believe the shift towards dynamic multi-factor authentication is inevitable and why forward-thinking CISO's and Line of Business owners are embracing this approach to authentication:
From a business perspective, this approach of dynamic multi-factor authentication makes a lot of sense because it helps make the right things easy, and the wrong things difficult. Dynamic MFA increases trust between you and your users, while minimising the amount of effort required. From a user perspective, this approach gets closer to the “it just works” model they want, and doesn't lead to the frustration of overly complex password policies (or the risk of using “password123” on every account because anything else seem too complicated).
Will this be the last World Password Day? Probably not. But it likely won't be too long until we forget World Password Day like we do our passwords.