Five years ago, when Dr. Shimrit Tzur-David, CTO and co-founder of cybersecurity company Secret Double Octopus, used to present a pitch deck for her company, more than half the slides explained the problems of password authentication. Today, she says, her business presentation slideshow jumps right into what the Israeli firm’s pioneering password-free, key-less authenticator offers to enterprises in the security and identity and access management arenas.
“There is a major change in [understanding the need for] password-less solutions. Today, in most meetings the customer says, ‘I’m already convinced. What’s your solution?’” Tzur-David tells NoCamels.
Get our weekly newsletter directly in your inbox!Sign up
The role of passwords in keeping information systems secure is changing. Today, market adoption of alternative authentication methods is advancing all the time. After all, hackers have shown that passwords are easy to steal.
“By 2022, Gartner predicts that 60 percent of large and global enterprises, and 90 percent of midsize enterprises, will implement password-less methods in more than 50 percent of use cases — up from five percent in 2018,” according to a March 2019 report by Gartner global research and advisory firm for the IT field.
Indeed, alternative security systems are popping up all the time. Some of us already use fingerprints, voice recognition or facial recognition instead of traditional passwords.
Knowing that some 80 percent of company breaches come about because of employees’ weak passwords, an eerie movement of microchipping employees has even come about in Europe and North America as a means to combat security compromises.
People are inserting a tiny microchip implant under the skin in their hands to enter their workplace, log on to computers, and purchase meals in the company cafeteria.
For Tzur-David, this option is perplexing.
“Even if this is something some companies are trying, it will never be acceptable in the enterprise environment,” says Tzur-David, who is also a senior lecturer in the Department of Software Engineering Azrieli – College of Engineering Jerusalem. “If we [put aside] the employee’s privacy and interest of the employee, and just talk about the technology concern… what if the algorithm needs to be changed, then what? A surgical procedure?”
“I cannot see this happening in the enterprise environment,” she says.
Turning employees into digital people (or, perhaps even, cyborgs), of course, is an extreme measure.
Secret Double Octopus is considered a global leader in password elimination solutions. Its proprietary phone-as-a-token tech prevents unauthorized use of a system and prevents identity theft.
“Our technology solutions are built on proven unbreakable cryptography,” Tzur-David tells NoCamels. “Hackers have nothing to do — they can’t phish or any other attack. There’s nothing for them to do here.”
The marketplace’s acceptance of password-less authentication solutions offers a vast transformation to the security landscape of 2015 when Secret Double Octopus announced that it had developed the world’s first password-free solution.
Back then, the Beersheba-based team spent a lot of time with potential customers explaining their vision for password-less authentication solutions. Today, Secret Double Octopus’s solution is used by Fortune 100 customers in Europe, the US and Asia.
And, as would be expected, there are a number of other password-free platforms and solutions now making waves in the marketplace.
There are companies like American firm, UnifyID, which has created an implicit authentication platform that uses behavioral human features to prove uniqueness. Or, Israel’s BioCatch that uses biometric methods to verify the user is who they say they are; and Unbound Tech, which allows existing applications to support password-free authentication on the user side.
“While these methods all include a different approach to password-less authentication, they have one thing in common: The user’s authentication data is never stored within the system, as a password would be. It is this crucial element that gives password-less solutions their security advantage,” Tzur-David explains on Tech Radar.
New headlines appear daily on tech-dedicated websites the world over as analysts weigh in on the password-free security tech trend, the role of passwords in today’s security marketplace, and how much longer until your dog’s name or birthdate (your passwords) goes out of style.
“Passwords are meant to authenticate humans, not machines,” Mathieu Chevalier, Lead Security Architect, of Canadian IP-based security solutions Genetec, tells Security Informed news site. “Therefore, they shouldn’t be the first choice when one system authenticates itself to another. User-controlled passwords are a major vulnerability and the largest single attack vector used in breaches, hence other alternatives such as password-less authentication, PKI (Public Key Infrastructure) and biometrics are gaining support.”
All across the security landscape, experts voice the need to break the traditional security paradigm. They say password-less authentication can offer better security, fewer breaches are more cost-efficient and give a better user experience.
“There’s no question password-less authentication is more secure than password-based security, and it’s clear that employees, IT, and management will all benefit from the ease of use and cost-reduction that results from implementing password-less authentication,” writes Tzur-David.
In the first week of August, Mastercard announced that it had enabled users to do online transactions without the need to authenticate a one-time password (OTP) — which, the credit card company said, was the first time such a transaction was done globally.
“This is where we’re going. In enterprise you won’t see passwords in the next five years,” says Tzur-David.
So, while Israel is known for its innovative technology startups, the country is also renowned for offering global tech solutions even before the world knows a solution is needed.
“At the beginning, when we came with our innovative solution the companies weren’t always open to believing what we were selling. From our perspective, we could have tried to convince the potential customer but we backed off and waited for them to call us. And they did. We have a very innovative solution,” says Tzur-David.
“Today, I believe we’re in the right place at the right time with the right solution.”
Viva Sarah Press is a journalist and speaker. She writes and talks about the creativity and innovation taking place in Israel and beyond. www.vivaspress.com