CIOs Want To Know: What Comes After Passwords?

There surely has to be something better than passwords out there…
There surely has to be something better than passwords out there…
Image Credit: Hardeep Singh

As the person with the CIO job, because you understand the importance of information technology it’s part of your job to ensure that both your company’s customers and its employees are kept secure when they are using the company’s IT infrastructure. This means that you need to implement systems that will allow the good guys in and keep the bad guys out. More often than not, the way that we go about doing this is by implementing security systems that require a user to enter a password. However, there are all sorts of problems with passwords . Is there a better way for a CIO to go about doing this?

Say Goodbye To Passwords

In a perfect world, the person in the CIO position would be able to make the authentication of both customers and employees almost invisible. The goal would be to have the verification of employee’s identities be something that happens in the background. In order to allow companies to do away with passwords, IT departments are investigating new technologies such as biometric scans of both fingertips and faces . Additionally, authentication tools are being developed that track what apps you open most frequently.

What CIOs need to realize is that the bad guys keep getting better at what they do. This means that the old standby, passwords, are starting to appear as though they are less secure than they used to be . A number of electronic break-ins, including the one at Equifax, are going to raise questions about trying to authenticate a person using things like their Social Security number or other personal data. Everyone agrees that better authentication methods are required. What CIOs need to keep in mind is that yes, security is very important; however, at the same time companies want to be able to present their customers and employees with a seamless experience and not require them to have to remember yet another set of passwords.

A number of companies have taken the lead in searching for alternatives to passwords. Over at the credit card company Mastercard, they have started to equip some of their employees with laptops that can read a fingerprint before permitting access . Additionally, because Mastercard knows that they need to keep the bad guys out of their work areas, they are testing new technology that will scan employee faces before they are permitted into a building. Mastercard also wants to find ways to verify who their customers are without requiring them to use a password. They are deploying technology that can identify you based on how you hold your mobile phone and other such behavioral biometrics.

What Will Replace Passwords?

All of this new technology stuff sure sounds great, but we need to be a bit careful here before we go rushing in too far. What the CIO does not want to do is to disrupt the end user’s experience with too many security policies . What we may forget is that even if we implement slick new technology, this may leave our customers feeling that their data is less secure because they didn’t have to enter a password. With the new systems, we need to be careful that they are not too sensitive. You wouldn’t want a security program to be blocking a user because their typing had changed because they had injured their hand. These kinds of mistakes can make life cumbersome for both employees and customers.

One of the hot new areas for getting rid of passwords, especially with the introduction of Apple IPhone X, is facial recognition. This technology is constantly evolving; however, it is still not quite perfect. There are a number of different things that can result in a facial recognition system not working correctly . A poorly lighted room or a user with a new beard could both result in a user being locked out of their system. The other challenge with any facial recognition system is that they are not perfect. Hackers can get around them by using high quality photographs, animations, or an animated avatar.

So what should CIOs do about passwords? If you take the time to talk with the experts, what they will tell you is that a CIO should not rely on a single authentication tool . Note that we do this today with the passwords that we use. The smart people tell us that we should take a layered approach to implementing security within our company. The approach that we should take should, in the future, is to use a combination of biometrics, behavior monitoring, and maybe even a password or two.

What All Of This Means For You

CIOs understand that they have a security problem on their hands. The passwords that are currently being used to identify users who want to gain access to the IT department’s systems are not secure enough to keep the bad guys out. New technology is going to be required and the sooner that it can be implemented, the better .

The best kind of identity verification systems are the ones that operate in the background out of sight . Electronic break-ins where personal data is stolen show that such data is no longer considered to be secure. CIOs need to find ways to secure their systems in a way that will not require end users to remember more passwords. Mastercard has been very aggressive in securing their internal systems and helping their customers to identify themselves. CIOs need to be careful that new identify solutions don’t leave customers feeling as though their data is no longer secure. Facial recognition technology is currently very hot. However, it can fail and under the right circumstances it can be fooled. CIOs are going to have to learn to not rely on a single identify solution, but rather to create layers of different solutions.

No, passwords are so embedded in all of the systems that we use that they will not be going away overnight. However, as the world has evolved it has become clear that passwords are no longer going to be enough to keep our systems secure . The future is going to be filled with different types of biometrics that will allow our systems to identify who is preparing to use them. The future is going to be different from today, but our systems should become more secure.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Do you think that new authentication techniques should be implemented in addition to existing password systems?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.


P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

We’ve all been there. All of a sudden we realize that someone in the IT department has failed to deliver on a commitment that they made to us that has something to do with the importance of information technology. As the person with the CIO job, it is now going to be your job to give them negative feedback so that they know that they have failed. You’d really like to find a way to avoid repeating whatever went wrong in the first place. Additionally, your biggest fear is that by providing negative feedback you are going to end up damaging your relationship with this person and you’ll be left with an even bigger problem than you already have. How can the person in the CIO position effectively provide negative feedback?