If recent security breaches are anything to go by, the idea that the password is the root of all digital evil won’t fade away any time soon. From an enterprise perspective, resources within an organisation need to be restricted to authorised users, while individuals keep a password in place for much the same reason: to stay protected.
Most organisations these days try to address security concerns by implementing stronger password policies, a contrivance that in the end requires employees to remember two or more passwords for the different protocol stacks (application, network and infrastructure) and ends up being stifling.
As a matter of fact, most employees find it a tad cumbersome to remember two or more strong passwords, so the policy becomes skewed in the end, and this results in network security lapses and more requests to the help desk to reset lost passwords. This is what I refer to as the Password Policy Paradox: the assertion that needing too many strong passwords will lessen the overall security posture.
While there isn’t a one-size-fits-all approach to authentication, biometrics offer the strongest form of authentication, but they are quite pricey and out of range for most organisations. Tokens are likewise very effective, and the financial services sector has been the biggest adopter of this technology to date. Token-based systems are also very expensive to deploy, and this makes passwords the most viable, common-denominator solution for most operations.