The Importance of Authentication | Avast

Kevin Townsend, 3 July 2020

Producing a secure authentication process that keeps users happy is easier said than done, but it's necessary in order to keep them safe online.



Controlling access is the basis of all security. The right people should be allowed in, and the wrong people kept out. This is done by confirming – or authenticating – the identity of the person seeking access, and then checking that the person is authorized to enter. Authentication is normally achieved by the presentation of a User ID (usually the user’s email address) to identify the person, and a secret password known only to that person to confirm the identity.
But there are huge problems with this process. Fundamentally, it does not authenticate the person; if a criminal acquires and uses the person’s User ID and password, the criminal is automatically authorized to gain access. So, strictly speaking, a password does not authenticate the user; it simply authorizes a device regardless of who is using it.
This basic weakness in password-based authentication has become a continuing disaster caused by the sheer volume of stolen IDs and passwords available to criminals. A race is now on to find or develop a more secure and efficient form of user authentication. We’ll look at some of the options, but will start with an examination of how and why passwords have failed us.
Passwords
Too many, too weak
An analysis by LastPass, published in November 2017, “found the average employee using LastPass is managing 191 passwords. Not 10, not 50 – an average of 191.” It is not realistic to expect users to remember this many passwords or to keep their reminders secure, so they use and reuse simple passwords. Simple passwords ..
