FB pixel

CISOs say advanced authentication methods must be used with traditional passwords

Categories Biometrics News  |  Trade Notes

A group of leading Chief Information Security Officer’s (CISOs) say that days are numbered for the password as the sole authentication method and that advanced authentication methods must be used in tandem with traditional passwords, according to a recent report by Security Current.

Security Current is an information and collaboration company by CISOs producing proprietary content and events for CISOs.

Ten CISOs from across various industries weighed in on the topic, with most seeing enterprises moving to augment or supplement traditional passwords with advanced technologies, such as biometrics.

Participating CISOs included: Frank Bradshaw, CISO, Valley Health System; Chris Bullock, CISO, Aaron’s, Inc.; Jonathan Chow, CISO, Live Nation Entertainment; Michael Dent, CISO, Fairfax County Government; Nikk Gilbert, Director of Global Information Protection and Assurance, ConocoPhillips; John Masserini, CSO, MIAX Options; Pritesh Parekh, VP and CSO, Zuora; Jim Routh, CSO, Aetna; Hussein Syed, CISO, Barnabas Health, and; Christine Vanderpool, CISO, Molson Coors.

The report says that CISOs agree that passwords are inherently flawed because they depend on users to create and remember complex sequences of letters, numbers and characters while users tend to select sequences that are easy to remember, and often easy to crack.

“Despite industry-wide efforts to reinforce this method of authentication and the number of methods available to encrypt and store passwords, the fact that remains is that creating good passwords – and safeguarding them – is as difficult as rocket science,” said Nikk Gilbert, ConocoPhillips Director of Global Information Protection and Assurance.

However, Aaron’s CISO Chris Bullock suggests passwords are a necessary layer in a multi-faceted authentication solution. “Just like the locks on our front doors can’t stop a determined burglar or home invader 100% of the time, we continue to invest in door locks and alarms to protect our property,” said Bullock. “When used correctly, passwords can still be an effective layer of defense, yet we should continue to innovate in the area of authentication.”

Next generation technology, such as biometrics, and adaptive cognitive and behavioral techniques, can reduce risk and provide a relatively seamless user experience but there is general consensus among CISOs that although the industry will continue to innovate and evolve no method will work 100% of the time.

“Biometrics or multi-leveled, behavioral-based techniques will improve the future of authentication,” said Molson Coors CISO Christine Vanderpool. “But managing appropriate levels of access is also critical to data protection because at the end of the day, the bad actors will continue to find ways to steal the information you are protecting if they want it badly enough.”

Article Topics

 |   |   |   |   | 

Latest Biometrics News


Police Scotland engages public on biometric data rights amid cloud storage concerns

Police Scotland has commenced the distribution of an information leaflet to all individuals in police custody who have their biometric…


‘Facial recognition is the easy part’: digital travel ID pilot results are in

Air travel has been getting more complicated. From security and passport checks to special documents such as COVID-19 certificates, passengers…


Worldcoin expands to Ecuador, set to resume in Kenya and Portugal

Chalk up a win for Worldcoin in Kenya, where authorities have dropped their investigation into the iris biometrics and digital…


Corsight, Segdboa supply facial recognition to São Paulo military police

Corsight AI has partnered with Segdboa to provide the São Paulo Military Police with advanced facial recognition technology, with the…


Vote begins on biometric injection attack standard

Europe’s standard for biometric data injection attacks is on track to be published in October of this year, and could…


Idex, Zwipe each strike biometric access card deals

Norway-based Idex Biometrics‘ access control system has received an integration order for biometric access cards, while fellow Nordic developer Zwipe…


11 Replies to “CISOs say advanced authentication methods must be used with traditional passwords”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events