Recently, the Entrust Cybersecurity Institute surveyed 1,450 consumers across 12 countries and asked about their thoughts and experiences on password less authentication, hybrid identities, and ownership over personally identifiable information. To understand it better, Associate Editor, channel360mea spoke with Simon Taylor, Channel Sales Director MEASA, Entrust. While talking about the future of passwords, he also highlighted the role of channel community in taking the message to the last miles. Below are the excerpts…
Considering the sensitivity of our social presence, how do you see cyber authentication unfolding going forward?
Our digital presence will continue to grow in the coming years, and cyber security needs to simultaneously continue to become more robust in order to support that growth and protect consumers. However, some elements which strongly characterized cyber authentication in the past will start to become irrelevant as we enter a new age of artificially intelligent security – namely the traditional use of passwords.
Passwords are not the problem, human error is. According to the findings from our latest ‘Future of Identity’ report, consumers admitted to struggling with remembering their passwords, with 58 percent of respondents resetting a password at least once a month, and 20 percent of those same users doing so at least once a week. When given the option between biometrics or a password, it was no surprise that 88 percent of respondents chose biometrics at least half of the time. It’s just easier. Biometrics utilize unique physical or behavioral characteristics, such as fingerprints, facial recognition, or voiceprints, to authenticate individuals, providing a higher level of security, as well as convenience.
From where we see it, passwords don’t hold the same value in the future of cyber authentication. The focus will move towards more secure and convenient methods like biometrics authentication, and token-based authentication. At Entrust, we’re committed to helping shape this future by providing a secure, seamless, and user-friendly authentication experience for everyone. We are working to educate and deliver best practice solutions based on CISA’s Zero Trust maturity model as well as giving customers agility and confidence with the approach of the Post Quantum horizon.
From Passwords to OTPs and 2-factor authentication, what can be more authentic and effortless (which method is the most effective?)?
While passwords, one-time passwords (OTPs), and two-factor authentication (2FA) have significantly improved authentication security, the next step in the evolution of authentication is password less authentication. At Entrust, we believe this is the most effective and seamless authentication method and it is becoming more mainstream today. Password less authentication does not require users to remember or type in any password at all, making it less susceptible to human error and much more secure and convenient for any user.
We found out from our study that password less authentication solutions — especially ones that employ user biometrics — are gaining traction, offering more convenient and secure experiences. Biometrics offers a high level of authenticity as they are difficult to forge or replicate, and they can provide a seamless user experience by eliminating the need to remember and input passwords or codes.
Apart from biometric authentication, there are also other emerging password less authentications including token-based authentication that involves the use of hardware and software. Token-based authentication involves the use of physical or virtual tokens, such as smart cards, USB keys, or mobile apps, to generate secure codes for authentication. This method combines something the user possesses (the token) with something they know (e.g., a PIN) to verify identity, offering enhanced security and convenience.
If the future of passwords is becoming bleak, what is the significance of events like World Password Day celebrated last month?
While the future of passwords may be indeed uncertain, events like World Password Day act as a reminder for us to continue to promote and raise awareness on the importance of protecting our identities. Furthermore, this acts as a reminder for businesses and individuals to stay vigilant, adapt to new authentication technologies, and implement robust security measures to protect sensitive information in the evolving cybersecurity landscape.
We must come together as a business community to address these challenges and contribute to the future of cyber authentication, and it’s days like these where we can really bring that to light.
How is Entrust taking the message from consumers to enterprises? Considering your recent report on passwords, how are you training your channel to educate its customers down the line?
Entrust is actively bridging the gap to consumers and enterprises by effectively communicating the message of password security and promoting the adoption of advanced authentication solutions. We equip our channel partners with in-depth knowledge about the vulnerabilities of traditional passwords and the benefits of adopting stronger authentication methods. We provide them with the necessary tools, resources, and best practices to effectively communicate these messages to their customers. In addition to the training programs, we emphasize the importance of adopting a Zero-trust framework and mindset to ensure robust security measures within our channel programs. The Zero-trust approach challenges the traditional security model that assumes trust within a network.
We educate our channel partners on the principles of zero trust, which involves continuously verifying and validating all user identities and devices, regardless of their location or network connection. This approach ensures that access to resources and data is strictly controlled, reducing the risk of unauthorized access or data breaches. Furthermore, channel partners are encouraged to promote continuous monitoring and risk assessment practices. This involves regularly evaluating and verifying the security posture of user devices, networks, and applications. By continuously monitoring for potential threats and vulnerabilities, organization can quickly detect and mitigate risks, thereby enhancing overall security.
How are you aiming to contribute to the recently announced UAE Digital Economy Strategy?
The United Arab Emirates is positioning itself as the global capital of the digital economy as part of the UAE’s Digital Economy Strategy and UAE Strategy for Artificial Intelligence. Given the paramount importance of cybersecurity in the region, Entrust is committed to playing contributing to the great efforts being made to realize these strategies. We recognize the transformative potential of digitalization, innovation, and smart infrastructure in shaping the future of the country’s economy.
We are also strongly embedded within the business community in the nation, working closely with trusted partners and delivering our expertise in order for them to thrive.
What are your thoughts on the Saudi Vision 2030 and are you currently working with Saudi partners?
The Saudi Vision 2030 is an ambitious initiative from the Kingdom of Saudi Arabia to transform the economic and social landscape of the country to position itself as a transformative smart nation. In recent years, the Kingdom has really made some seismic shifts to digitally transform their businesses. At Entrust, we are dedicated to forging strong alliances with government entities, industry associations, and local businesses in the Kingdom to help foster further digital transformation and equip businesses with the tools they need to evolve.
Recently, we partnered with sirar by STC, to offer advanced digital security solutions to their customers, providing them with Platinum status as a provider of Entrust’s cutting-edge digital security solutions. This extensive portfolio encompasses essential tools such as Public Key Infrastructure (PKI), Identity management, Hardware Security Modules (HSMs), and key management. With the integration of the zero trust framework, we can guarantee that sirar and its clients will benefit from enhanced security measures, robust user validation, and continuous monitoring. Together, we are contributing to the success of Saudi Vision 2030 and paving the way for a future of innovation and excellence in the Kingdom of Saudi Arabia.