We Need to Talk About NIST’s Dropped Password Management Recommendations

by Mark Stone

published in Security Intelligence on Nov. 26, 2018

From the article:

Passwords: Can’t Live With ‘Em…

It’s clear that a winning formula for password management and policy isn’t one-size-fits-all. Based on my years of experience drafting and enforcing corporate password policies, most tactics fail to catch on.

Two of the best-known experts in the field — Kevin Mitnick, chief hacking officer for KnowBe4, and security pundit Frank Abagnale, made famous in the film “Catch Me If You Can” — have slightly differing opinions. But at the end of the day, their views generally echo each other. . .

…Can’t Live Without ‘Em

Mitnick and Abagnale foresee a world in which passwords are no longer part of the security equation. But until that happens, we need to work with them. . .

Never Could Say Goodbye

Finally, both Mitnick and Abagnale are bullish on companies like Trusona, a forward-thinking security business that hopes to crack the code on a password-less internet by focusing on the user experience. Trusona offers a range of MFA processes that don’t require a password. Abagnale is an adviser for the firm.

“Passwords will be here for a while,” said Mitnick. “The challenge companies like Trusona have is early adoption. It’s all about the market. Even though you have a technology out there, it doesn’t matter if nobody’s adopting it.”

According to Abagnale, that day may come in three to five years.

“The technology is already here, and now needs to be implemented,” he said. “There is reason to think that passwords may remain in legacy systems for years to come, as the cost of ripping them out is too high. Nonetheless, password-less logins are the way of the future, and companies would adopt this method once they realize the benefits. . . . ”

Karen Dayan