Cybersecurity is not an industry that is synonymous with fashion. We have never had an iPhone moment before; that point when a smart, sparkly new technology appears that is so useful and usable that it goes from nowhere to becoming the de rigueur standard in the space of just a few years.
Most of what hits the press about cybersecurity is the – Who just got their brand annihilated by a very public mega-breach? Or, What snarky new trend are the cybercriminals leveraging?
It’s nice to have some good news for a change.
The good news here is: Passwords are dying out.
No, really they are.
Yes, there will still be some passwords around BUT due to the relatively recent development of certain new security standards and protocols – organizations are now able to move to a passwordless model. And as it turns out – this passwordless model has quite a few substantial security benefits – if you put the pieces together correctly.
In my on-demand webinar Zero Trust = Zero Passwords?, we explore exactly what passwordless really means – and for good reason – because any organization retaining an ongoing reliance on passwords is rapidly marking itself out as a highly vulnerable target for cybercriminals. In other words, no organization wants to get caught out not knowing what passwordless is and what security benefits it can bring.
Perhaps it is because I started out as an auditor – but there is nothing more concerning to me (right now) than any supplier who still needs each user to authenticate with a username and password – and to do it on every session - and on top of that – has no secondary authentication either. They literally might as well paint a large bullseye over the door of their corporate headquarters – and place a brush matt in the entrance emblazoned with the words “Hackers welcome”.
In addition to the transition away from passwords, another emergent trend is towards the buzz of Zero Trust. Just what is zero trust? Does the definition depend on who you talk to? Is zero trust easy to deploy? And – does it fit with the exciting trend of going passwordless?
I have taken my experiences (good and bad) and research into zero trust and passwordless security to put together a concise explanation of these topics and how they relate to each other. I have also included some top tips – and an outline of the potential pitfalls to be aware of during deployment.
Zero Trust has become the buzzword of the moment in cybersecurity sector at the moment – but what is it really? After all - a lot of the principles (apply least privilege, trust nothing by default, …) really do not sound any different from the core security principles we are supposed to have been applying for a long time.
Join the on-demand webinar session for a fun and insightful journey into the world of zero trust and passwordless authentication. Does zero trust mean zero passwords? Check out the session to find out!
Whitepapers
Mapping BeyondTrust Capabilities to NIST SP 800-207
Blog
Passwordless Administration Explained
Raef Meeuwisse, Cybersecurity Expert and Author
Raef Meeuwisse is one of the most popular authors in the field of cyber-security and social engineering. Raef’s titles include the global best-seller, ‘Cybersecurity for Beginners’, the frequently evolving ‘Cybersecurity to English Dictionary’ and ‘How to Hack a Human’; an exploration of how easily us humans can be controlled and influenced. His experience includes running eight digit security budgets, consulting on security at over 50 different organisations, designing a multi-million-pound security software platform, training as a hypnotist (yes, you read that correctly) and occasionally flying helicopters.
In addition to making public appearances at countless conferences across Europe, the UK and the US, he is also a frequent provider of commentary for multiple technologies and mainstream news outlets and has appeared in Infosec magazine, ZDNet, TechTarget, TEISS and on Sky News.