Leave the Hassle and Expense of the Password Era Behind
Businesses often fall into the costly trap of repeating the same processes year after year, never taking the time to consider whether alternative, and potentially more efficient, approaches have become available. Particular ways of working can get so ingrained into a business’s routine operations that no one thinks to step back and ask, “Is there a better way to get this work done?”
Line items in annual budgets often get renewed every year simply because that’s the easiest – if not the smartest – way to keep things moving in fast-paced corporations. We might want to call it the “This is the way we’ve always done it” syndrome.
Even if fresh, innovative approaches have become available, the organization will not be able to benefit from them if no one is looking out for them. The sad result of this flawed philosophy is, ultimately, a somewhat hidden hit to the bottom line: by remaining locked into old, expensive processes, the savings that can come with a more modern implementation are not realized.
Passwords Are a Perfect Example
One need look no further than the area of information security to see an all-too-common example of this kind of business blunder in action. On the surface, this crucial part of an operation might seem like the last place where old processes would be allowed to stay in place. After all, the hackers, malware script writers and other so-called cyberspace “bad actors” NEVER stop innovating. They are always busy working on new ways to get past digital defenses and wreak their havoc on corporate systems. Organizations can, therefore, ill afford to keep doing things the way they’ve always been done in the area of security.
Yet, many usually do. Let’s look at the old standard defense of passwords, for instance. For years, companies have asked end users to provide the last line of digital defense by requiring them to enter passwords to gain use of the software tools and back-end systems that they need to do their jobs. Think of a Human Resources employee accessing a payroll app, or an engineer logging into a network to pull up sensitive blueprints.
When we step back and look at this approach, it becomes clear that it is flawed from the very beginning. Why? Because it places the huge responsibility of ensuring corporate security on the shoulders of those employees who are the least capable of providing it. End users are typically not hired for their info-security prowess. They are hired for their expertise in their chosen field, and nearly all come into a job with little to no knowledge, or interest in, cyber-defense.
Yet they are called upon to carry the load by carrying out, among other actions:
- remembering long and confusing passwords
- juggling multiple devices to which encryption keys or push notifications are sent
- entering those keys into another interface on their computers
- continually authenticating themselves to the system by entering their credentials multiple times throughout a day.
Talk about a hassle!
By forcing users to fly the security plane, so to speak, is it any wonder so many companies get the catastrophic results we so often read about in the news: huge financial losses and/or crippling brand damage that lasts for years or even puts some businesses OUT of business? A recent Verizon study that found that 80% of all breaches are connected with compromised credentials or weak passwords illustrates just how fragile this rickety old approach to corporate security really is.
Extra and Unnecessary Costs
Even when these dire outcomes are avoided, thanks to users diligently carrying out their responsibilities correctly, the old-school password model produces a plethora of extra costs for the organization. Think of all the budget that goes toward paying the salaries of those who develop and implement training programs for end users. Or the expenditures on all the software that facilitates the password entry process? And there are many more of these “invisible” expenses.
Let’s also not forget that many organizations fail to carry out their password strategies correctly, flawed as they may be. The Verizon study found that 39% of surveyed businesses did not offer proper personnel password training and 61% did not require password complexity to improve strength.
Despite all of these flaws, passwords have dominated the security landscape for years. Their endurance is partly a product of the aforementioned “This is the way we’ve always done it” syndrome, and partly because a significantly more effective solution was not available.
Fortunately, that is no longer the case. Today, a revolutionary new approach is available to eliminate the hassle and unnecessary worry and expense of the old password era. WinMagic’s MagicEndpoint solution ushers in a new era in which the responsibility of authentication moves from the end user to the system itself. It does so by utilizing public key cryptography to eliminate passwords. This represents a new way of thinking about enterprise security and marks the next generation in corporate protection. This is a far better approach than passwordless authentication and traditional multi-factor authentication because now, the user does not have to take any action at all and there is no MFA required for remote access. Thanks to MagicEndpoint, the user is free to concentrate on doing what they do best – the job they were hired to do.
Learn more about how you can bring your organization into this exciting new era of enterprise security with MagicEndpoint from WinMagic.