
Submission: In a Post-Password Era, Getting Rid of Passwords is the Problem (securityledger.com)

chicksdaddy writes: Large, tech-savvy corporations recognize that the static password is dead. Still, they can't seem to stop using and relying on them. That's the conclusion of a panel discussion at the Akamai EDGE (https://edge.akamai.com) event in Las Vegas last week, where executives at some of the U.S.’s leading corporations agreed that the much-maligned password won’t be abandoned any time soon, even as data breaches and follow-on attacks like automated “credential stuffing” make passwords more susceptible than ever to abuse, The Security Ledger reports. (https://securityledger.com/2017/10/in-post-password-era-passwords-are-the-problem/)

“We reached the end of needing passwords maybe seven years ago, but we still use them,” said Steve Winterfeld, Director of Cybersecurity at clothing retailer Nordstrom. “They’re still the primary layer of defense.” “It’s hard to kill them,” noted Shalini Mayor, who is a Senior Director at Visa Inc. “The question is what to replace them with.”

This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called “credential stuffing” techniques, which use automated password guessing attacks against web-based applications.

Large retailers and other vendors often perceive what Patrick Sullivan, the Director of Security Technology and Strategy at Akamai, likened to a “disruption in the force” well before major breaches are disclosed, as stolen credentials from those hacks are used to try to break into their own system. However, the sheer number of breaches makes spotting the source of a particular leaked credential all but impossible.

Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalini said Visa is “looking at” biometric technologies like Apple’s TouchID as a tool for making payments securely. Such technologies – from fingerprint scans to facial and retinal scans – promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error-prone or too difficult to use.

Comment A bit biased, but... Google's SRE (Score 1) 338

Google's Site Reliability Engineering was my favourite book of 2016.

Even without diving too deep into technical aspects (with the Load Balancing chapter being a good exception), there's plenty of good information around running large-scale teams and systems. The concept of SRE is one of a kind and the details shared in the book help to understand how DevOps is not SRE and vice versa.

Last but not least, such transparency is welcome and more big players should follow the example.
