2019 is the year that we move on from passwords.

Everyone hates passwords. IT people spend hours trying to enforce great habits, but somehow passwords always end up on sticky notes posted on a monitor. Occasionally the sticky note is put in a drawer. Nobody ever looks there.

Whatever the good intentions of everyone involved, passwords are just not working. The great news is, things are changing and passwords are going to be a thing of the past.

Multiple studies have shown passwords are ineffective. Choosing good passwords are not easy. Remembering them is even harder. Remembering a work account, home account, bank account, email, Facebook, twitter…..impossible. Even then experiments have shown employees will give up a password for a chocolate bar.

There are better ways though. Multifactor authentication has been around for years. RSA have been pioneers with a range of tokens with revolving numbers generated through the magic of mathematics. These types of systems can be quite effective. They combine something you have - a token, with something you know - a pin. Other systems have been around too, with biometric scanners and swipe cards.

These systems have varied in price (from high to higher), usually required complex implementations over the top of existing infrastructure. They then only work on one authentication system.

So why is 2019 going to be different?

New integration with Microsoft, Google, and various 3rd parties make it easier and cheaper than ever before to implement multi-factor authentication. You may already have the Google Authenticator app on your phone, or the Microsoft Authenticator or even both!

These systems provide your phone as the second point of authentication, with revolving numbers. These are only a few of the online authentication systems that are already available. They have the advantage of allowing application and system integration, so that common authentication systems can be used by multiple websites, custom applications or infrastructure.

Microsoft are pushing hard and have enabled a number of underlying technologies available in the latest releases of Windows to allow 3rd party tokens for authentication, and application support. This allows native integration without installing 3rd party authentication systems on your network.

The Australian Cyber Security Center has published the Essential Eight Maturity Model which provides a matrix of 8 security areas and various maturity levels to gauge your system against. Since the introduction of the model in 2017 Multifactor authentication has been a part of it.

Coming into 2019 the technology is so readily available, if you have a high compliance requirement, expect to be asked about your multifactor authentication implementation.

Companies like Yubico have devices such as the Yubikey. These devices can now be implemented easily and cheaply, because of implemented protocols in Windows such as Smart Card/PIV, FIDO2 and U2F. And because these are open standards there are more players in the market and more implementations than ever before. Hardware tokens are just one way of doing things.

This can help get you on your way to compliance within your company. Through passwordless logins for Windows domains or cloud based applications or both. The barrier to entry is lower than ever before, not just from a technology perspective but from a cost. Yubikey’s are under $50 each, and phone based authentication are free.

If you need help to understand your maturity level, advice on how to implement multifactor authentication in your environment, contact us