One of the world’s leading independent provider of enterprise identity management software announced today its intention to kill the password as the dominant form of authentication.
At the Oktane 2018 keynote in Las Vegas, Nevada, CEO, Todd McKinnon launched Okta’s new ThreatInsight feature which eliminates the password as the primary factor of authentication replaced by a stronger combination of factors and signals such as device information, location, network context and user behaviour. The enhanced security suite is strengthened by a newly formed partnership with VMWare and is available in both Okta’s Adapative Single Sign-On and Adaptive Multi-Factor Authentication products.
“The best password is no password at all,” McKinnon said. “Today’s threat actors are targeting the weakest point of your company’s security – your people – and too many are successfully compromising employee accounts due to poor or stolen passwords.”
Okta’s President of Worldwide Field Operations, Charles Race told Which-50 that though the password itself will likely not disappear completely within his lifetime, the use of the password as a primary authentication factor will soon go the way of the Dodo.
“If we had to remove passwords tomorrow from all systems, that would be an impossible task,” he said.
“The use of the password, or avoiding the use of passwords, where we can use better and more secure methods, particularly access to personal information as one aspect is great.” Another element is no longer having to reset all your passwords because of the proliferation of other factors that can be used to authenticate users.
“We believe that there are better and more secure methods for authentication than the password,” he said.
“This is going to evolve, and the blockchain discussion will ultimately be a part of what happens in the future, but this is going to evolve into areas of biometrics including facial recognition, thumbprints and retinal scans which are going to become a much bigger part of authentication, but that is an expensive option because it typically involves hardware.”
Examining behavioural patterns and location data will be a useful and more secure option for companies and businesses whose budgets do not allow for expensive hardware solutions.
“Looking at behavioral patterns, like: what time do I usually login to my computer? What do I normally click on first? There are plenty of patterns we can examine to identify whether potentially anomalous behaviour is occuring,” he said. “We can build more intelligence into behavioral patterns, so that’s also useful.
“And then, of course, there are the obvious data points like where does the device user live? Is it a new device? These are other factors we can use to ensure logins are properly authenticated.”
Race said that Okta’s newly announced partnership with VMWare integrating its digital workspace platform, Workspace ONE and Okta’s Identity Cloud will assist in mobile device management which will help to create new identity standards that do not involve passwords, or even password managers.
“Combining all those things: the device, the location, the behavioural data and biometrics in our opinion is a much more effective form of identity security than passwords. That is where this is coming from, removing the password from the authentication of the person.”