First, there were just usernames. Then came usernames and passwords. Then came multifactor authentication (MFA), which requires something you know, such as a username and password; something you have, such as a one-time password token; or something you are, such as biometrics using your fingerprint or a retina scan. Now frictionless identity access management (IAM) is the “soup du jour” as companies work to make MFA more effortless for the end user.
Bugs, also referred to as software vulnerabilities, are flaws that can be abused to cause a system or software to have unintended behaviors that disclose sensitive information, negatively impact availability, or provide unauthorized access. These bugs are what malicious hackers use to successfully achieve their after-action goals in a long kill chain of steps.
I've seen a lot of board rooms over the last 18 years and have met with boards of directors for companies with as few as 100 employees and companies with as many as 50,000 employees. In every one of these meetings, I've been asked the inevitable, arguably rhetorical question, "Are we secure yet?"
“Dear password, we’ve been together for over 28 years now. As a matter of fact, you were my first authentication mode. You made sense at one point in my life when I needed something that simply just worked. Now, you aren’t enough for me; I need more — something you can’t offer. It’s time for me to move on and leave you in my past. We grew up together since telnet; we worked perfectly together with Secure Shell (SSH), even though at the time there were better alternatives, such as keys.
Alissa Knight is a senior analyst with Aite Group's cybersecurity practice. Ms. Knight covers cybersecurity in financial services and healthcare, serving as a thought leader and trusted advisor to financial institutions, established technology vendors, startups, and venture capital firms. She provides actionable recommendations to clients by producing research papers, speaking at conferences, interacting with clients, and leading consulting engagements as a purveyor of research and advisory services on the contemporary IT risk management topics that matter most.