January 12, 2017 -
It is possible that by the end of this year “the password will be a thing of the past,” according to a set of predictions for the year ahead by KPMG’s cybersecurity practice technical director David Ferbrache.
Some of the reasons for this possible shift are included in other items among the ten cybersecurity trends Ferbrache expects to see in 2017, such as the use of default passwords contributing to what he calls “the internet of insecure things.”
“This year will hopefully be the year that blind reliance on passwords ends. The security community and the business community are starting to realise that they need a more sophisticated approach to authenticating people and their actions. One which uses multi-factor authentication (including biometrics), behavioural analysis and contextual information to make judgements on whether the user really is who they say they are; and just how risky their attempted transaction really is,” Ferbrache says.
The increasing industrialization of cybercrime is another trend identified as putting pressure on passwords and cybersecurity in general, with attacks becoming more sophisticated in targeting firms and their employees, and ransomware continuing to evolve and make criminals money.
A growing understanding among companies about the relation between preventing fraud and attacks, both of which can be reduced with effective identity authentication, is another trend for the coming year, according to Ferbrache, which will contribute to driving people away from passwords.
As previously reported, Ferbrache said in KPMG’s 2016 predictions that he hoped to see passwords scrapped as “one of the weakest links in our security chain” in favor of biometrics and more sophisticated approaches, but acknowledged that the time had likely not quite arrived.
Likewise, many security companies have called for replacement of passwords, and a survey released by SecureAuth in October showed a large majority of organizations are intending to do so within the next five years.