Between the time you sit down at your desk in the morning and the moment you shut down your computer in the evening, how many times do you think you input a password for an account, program or device? A recent survey found the average person has 27 logins that require a password and uses more than half of them in a given day.
Is this really the most convenient and secure strategy for handling confidential information in the workplace?
How many different passwords do you think you have? Most people fall into one of two camps. They either have one password that they use across all accounts and platforms, or they have a different password for every account. The problem is that neither of these approaches is very good.
If you only use one password, you’re putting yourself at risk for being compromised. If you use different passwords, you constantly have to guess and reset pass codes just to log into various accounts.
In the office setting, poor password behavior leads to heightened security threats and lost productivity. As a result, your IT department likely spends hundreds of hours a year dealing with password related issues and all of the negative byproducts that result from them. So, whether you realize it or not, passwords are possibly holding your business back.
Passwords are a pain in the ass, and there’s not much you can do about it. The best security options already acknowledge this. The gold standard of security is to require something you know, something you have, and something you are. The good news is, several services you already use offer it – it’s usually called two-factor auth. Take logging in to gmail: first type in your password (something you know), and you’ll get a text message to your phone (something you have) with a one-use code.
But what if someone told you that traditional passwords are going by the wayside? If you study new trends and developments in security technology, it looks as if this may be the case in the very near future. And from a small business perspective, the ramifications could be significant.
See, if someone has the password, they have access to everything that’s inside. In essence, password protection is security through obscurity, a security practice that’s universally lambasted as weak and ineffective. It’s like having a padlock on a safe. All someone needs is a pair of bolt cutters and they can have whatever is inside.
It makes much more sense to develop security infrastructures that don’t rely on singular security challenges. Instead, businesses would be wise to invest in security technologies that require persistent identity measures. One idea that’s growing in popularity is the concept of using behavioral inputs.
In the case of a behavioral input system, security can ramp up authentication measures if the user’s actions don’t seem to line up with the expected behavior. Experts are also seeing a lot of anticipated growth in biometric security. One specific area that’s growing in popularity is the use of voice recognition. Aside from fingerprint scanning and voice recognition software, other (less frequently used) forms of biometric security include iris recognition, vein-pattern detection and even heart beat detection. Businesses with high level security needs can be expected to adopt some of these security formats in the very near future.
It’s easy to cling to the status quo, even when it comes to something as important as security. You’d rather do something you’re comfortable with than rock the boat and risk messing something up. But unfortunately, you won’t be able to sit still much longer. Changes are coming and businesses like yours will need to adapt.
From a financial perspective, the cost to upgrade your existing approach to cyber security and password integrity could be high. Solutions such as voice recognition and iris detection software are still quite expensive and will remain that way until the tech companies reach economies of scale. With that being said, the long-term pay off for an investment in advanced password security is much higher than the upfront cost.
Check out my related post: Do you have a shadow profile?