Passwords have been the default gateway to computer systems for decades. As soon as it became possible for multiple users to have access to the same computer system, so too was the need for some form of identity authentication.
Fast forward to today and the prevalence of internet banking, personally identifiable information and corporate records stored online have made passwords a prime vector for cyberattacks.
Why are passwords so attractive? One word: convenience.
Studies have shown that most breaches were due to weak or easily guessed passwords. While organizations and individuals can enforce password strength standards, people will still recycle the same passwords for various applications, keep their passwords in unsecured locations or make their passwords susceptible to social engineering. Expediency gets in the way of security. According to a recent report, part of the issue lies with the fact that millennials, who are growing up to be more tech-savvy than the rest of us, will soon become the largest segment of the workforce, and ironically, are less concerned about cyber hygiene. Instead, they’re opting for convenience.
Yet, due to the constant barrage of devastating cyber breaches over the last decade, we see a growing acceptance for alternatives to passwords, or at least not solely relying on them. For several years now, the Department of Defense has sought to get rid of passwords, improving overall network access security without making the authorization process more difficult for authorized users. Many of the largest private firms in the world, like Google and Microsoft, have poured resources into technologies and best practices that move us away from what has become an outdated and deficient approach to security.
What was once a mature market has become dynamic again
More and more organizations and individuals recognize that we need to strengthen authentication. The use of cryptographic “smart” cards, security tokens and development of biometrics has not meant the death knell for passwords but there has been a sea change. Multi-factor authentication (MFA) doesn’t necessarily eliminate the need for passwords but increasingly, it is no longer the lone sentry to networks and applications.
According to IDC, the Identity and Access Management market in North America will reach nearly $4 billion this year, growing at near double digits rates. This growth is primarily due to organizations seeking to replace password-centric approaches with more advanced authentication. In fact, legacy authentication, like passwords, now account for only 4 percent of global identity and access management spending!
The identity and access management space will continue thriving given that there are far too many organizations, devices and individuals still reliant on passwords. For identity and access management vendors, it’s important to remember though that one size doesn’t fit all. To repeat another often used adage, you should know your customer. Customer size, vertical market and regulatory environment factor heavily in how receptive they are to not just moving away from passwords but to the kinds of authentication regimes they require. The rise in mobility, off-premise computing and connected things bring with it both a greater need than ever before for expanded authentication but also more alternatives to relying solely on passwords.
By Lloyd McCoy
Manager, Market Intelligence
Arrow ECS and immixGroup, an Arrow company
Last modified: May 2, 2019