The importance of data security is more prevalent now than ever before. While certain matters of encryption and server attacks are popular in the press, the matter of Shadow IT is one that cannot be forgotten.
Recent breaches have shown access through simple passwords have caused unnecessary issues. Such is the value of tools like Windows hello, which as will be explained below, could greatly benefit organisations.
Let’s start at the beginning…
History of the password
The first computer password was developed in the early 1960 at Massachusetts Institute of Technology (MiT) for use with the Compatible Time-Sharing System or CTSS from which a large chunk of basic computing functions used today were derived.
Fernando Corbato (the head of the CTSS program at the time) was faced with the issue of “setting up multiple terminals, which were used by multiple persons but with each person having his own private set of files” and securing those files. The password for “each individual user as a lock seemed like a very straightforward solution.”
Early passwords were simple and easily stored since sophisticated hacking and password cracking programs did not exist. The password then started to evolve through the work of cryptographers like Robert Morris and the evolution of UNIX based system created a more secure version of the early algorithm’s used to hash the password.
Even the new secured algorithms are not 100% effective and as such moves have been made since the turn of the century away from the password towards multiple factors and more secure methods of authentication.
Why are we moving away from the password?
The move away from the password has 3 main drivers
1. Passwords can be cracked and the easier the password is to remember, the easier it is to be cracked.
• It takes only 10 minutes for a password hacker to crack the password – uiosdf.
• The addition of letters and some uppercase – UioSdfTq that number jumps to 3 years.
• Add another character and make the password alphanumeric with symbols – U!0SdfTq7 and that number jumps to approximately 44,000 years.
2. Users use the same password multiple times across their digital footprint.
73% of online accounts suffer from the domino effect. Where user’s use the same username and password for multiples accounts, allowing multiples accounts to be compromised at once.
3. There are better alternatives such as Windows Hello and Passport.
What is Windows Hello & Microsoft Passport?
Windows Hello is the feature name that Microsoft has given to the new biometric sign-in method built into the code of Windows 10. Hello allows face & fingerprint identification to unlock user devices. Microsoft Passport is the flexible backend that sits behind Hello and using the combination of a specific device and Hello to allow simple password management.
The aim of Hello & Passport is to act in conjunction with each other to provide face & fingerprint recognition features and provide users with a quick and secure method of identification to allow them to get right back into what they are doing quickly.
Windows Hello provides many benefits to the user and organisation:
• Strengthen protections against pass the hash attacks – an attacker requires both the device and the user’s biometric information to access.
• Simple authentication, with a simple to remember PIN means there’s nothing to forget.
• Windows Hello support is built directly into the operating system and can be controlled with Group Policy or Mobile Device Management.
• Data is only ever stored locally – this separation is designed to stop potential attacks.
• The biometric data stored on the device if accessed, can’t easily be converted to a form that can be used to “fool” the sensor.
How long before we don’t need a password?
No one knows when the password will become defunct, all that people know is that it is going. In 2004, Bill Gates declared the password dead and 12 years on its still here.