Flash Read

Password(less)

Tech Trends & Future of Work

August 26, 2020

Passwords are rubbish, aren’t they? 


We’ve all asked for someone else’s Netflix login, only to break out in a cold sweat when we see that their password is something like: basketball (yeah, they finally signed up to watch The Last Dance). And, let’s be honest, you didn’t feel great about them sending it over iMessage either. I’ve literally turned down free access to Netflix because of this. And cybersecurity experts like NordPass agree: they’re sick of telling us how rubbish passwords are.


Letting humans stay in control of those crucial windows of access that passwords reveal will always be problematic. The bad actors lying in wait in that password-generated web traffic are experts at exploiting human faults. Take the recent Twitter hack: Two-Factor Authentication (2FA) seemed like a great extra layer of security until a fatal flaw in the thinking was revealed. All it took was some social engineering, and the implicit trust users feel with 2FA was turned into a classic bit of phish bait.


What if the answer is in the problem? Password-related attacks happen when human meets internet. Can we remove either or both of those issues? Turns out we can.


Hardware Security Modules (HSMs) are secure pieces of hardware for containing digital information: lock and key in a discreet piece of machinery that fits neatly on your desk. (Actually, they’re pretty small nowadays; the main issue might be losing it, SD-card style.) Unlike computers, they generate truly random keys that exist outside of the internet’s nefarious reach, providing what’s known as a Root of Trust (RoT): trusted nodes within a cryptographic system, a critically important element for any IoT network (and much more reliable than human secret-keepers).


If you’d prefer not to ship out HSMs to all your remote staff, there are simpler options that, while not as cloaked as HSMs, at least bypass the password problem. Both AWS and Microsoft Azure offer OTP (One Time Password) access via SMS (yes, it might seem annoying at first, but it takes less time than resetting that password we forgot 30 seconds after creating it), and others such as Okta, OneLogin, Acceptto and Hitachi ID offer robust solutions. We produced an insight report with Microsoft, which you can read here, about IT execs’ experiences with FirstLine Employee remote login.


Magic links are another option. San Fran-based Magic (formerly Fortmatic) promises ‘customizable, future-proof, passwordless login with a few lines of code’. All you have to do is embed Magic on your site and apps; clients receive an email link they click to sign in, and that’s that. The link, like that 5 of hearts you were watching, vanishes and the hijacking opportunity along with it. (Incidentally, Magic uses HSMs to handle your data.) Here’s a guide on how to add Magic to your apps, including a more in-depth discussion of both HSMs and Magic.
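To make the "vanishing" link concrete, here is an added sketch of a single-use, expiring sign-in link (this is not Magic's code or API; the class name, the example.test host and the 10-minute lifetime are assumptions). The server keeps only a hash of each token, so a leaked table of pending links cannot be replayed.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlparse


class MagicLinkStore:
    """In-memory store of pending sign-in links (hypothetical name)."""

    def __init__(self, ttl_seconds=600, clock=time.time):
        self._pending = {}        # sha256(token) -> (email, expires_at)
        self._ttl = ttl_seconds   # assumed 10-minute lifetime
        self._clock = clock       # injectable so expiry can be tested

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        """Create the link to e-mail; only the token's hash is stored."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (email, self._clock() + self._ttl)
        return f"https://app.example.test/login?token={token}"  # placeholder host

    def redeem(self, link):
        """Return the e-mail the link signs in, or None if it is unusable."""
        values = parse_qs(urlparse(link).query).get("token", [])
        if len(values) != 1:
            return None
        # pop() deletes the record whether or not it is still in date,
        # so a link can be redeemed at most once.
        record = self._pending.pop(self._digest(values[0]), None)
        if record is None:
            return None
        email, expires_at = record
        return email if self._clock() <= expires_at else None
```
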


The demise of the password comes with an acceptance of our own limitations. We forget. We enjoy simplicity. We share. So, accept that your team are human and find a password alternative that fits your needs. Because if you don’t, those clients, and your investors, might end up being another thing you’re scrambling to retrieve.


A shoutout to some of our partners offering seamless cybersecurity solutions:


Okta: a robust authentication platform that secures workforce and client identities, and offers nonprofits discounts and free accounts through its Okta For Good initiative.


Hitachi ID: the only big industry player offering IAM and PAM in a single platform. Our joint insight report revealed 43% of IT execs are focusing their budgets on IAM.


OneLogin: a focused offering for the remote workforce. OneLogin’s suite of tools includes SmartFactor Authentication, which leverages AI for contextual awareness during Multi-Factor Authentication.


Acceptto: offers unified passwordless solutions through its ‘Continuous Behavioral Authentication’ software that, through machine learning, will adapt to new types of bad actor behavior (they even use AI to decide optimal pricing per client, too).

