Logging into a computer with a password has been around almost as long as there have been computers, which means bad actors have had lots of time to figure out ways around passwords. It’s time for something new.
By Tim Spring
Passwords are one of the biggest headaches for IT teams: employees often forget them; even when remembered, they have to be changed frequently; and if they are faked or stolen, entire systems can be compromised. The password is prey to one of the weakest points in any security posture: human error.
Norton, a popular security provider, recently released 139 password statistics for 2023 and, if you have time, I recommend reading that article. Here are just a few that got our team’s attention:
6 in 10 individuals in the U.S. report that their organization changes its password security practices after experiencing a cyberattack. (It’s already too late…)
More than three-fourths of employees report regular usage problems related to passwords. (Not a great use of time for the employees or IT team…)
On average, a 250-person company has nearly 48,000 passwords in use within the organization. (What are the odds that those are all unique?)
We’ve known for years that passwords are insecure, which is why there has been a surge in additional security layers such as two-factor authentication and password managers. But these extra systems lead to more hoops to jump through for employees and employers alike and aren’t even secure themselves — with hackers finding new ways to dodge around multifactor authentication, and Norton, LastPass, and Password State all confirming breaches within the last two years.
The issue is that we are working from the same base technology. Think of your organization as a ship. Every new security threat is a new hole in your hull, and you’ve been patching these holes constantly as they come up. The holes you know about cost you money and cause headaches, but the ones you don’t know about could sink you. At what point is it time for a new hull?
Verifiable credentials offer a completely new option to keep your organization safe and make your IT team’s lives easier. A verifiable credential uses cryptography to prove its source and digital signatures to prove it hasn’t been tampered with. In short, if you issue your employees verifiable credentials as proof of their employment, they can log into your systems without having to use passwords (see our “Beginner’s Guide to Decentralized Identity” for an in-depth introduction to how the technology works).
Other benefits include simpler enrollment with external payments and benefits providers, and credentials that are easy to issue and revoke: no more tracking down everything an employee had access to and changing passwords or manually removing access when they leave.
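The issue, verify and revoke cycle described in the two paragraphs above, as an added example (not the author's or Proven Works' code). It uses Node.js's built-in Ed25519 signatures; the claim names, the `revoked` set and every function name are assumptions made for illustration.

```javascript
// Added illustration only; every name here is hypothetical.
const crypto = require('node:crypto');

// The issuer (employer) keeps the private key; verifiers need only the public key.
const issuerKeys = crypto.generateKeyPairSync('ed25519');

// Sorted-key serialization of a flat claims object, so both sides sign and verify the same bytes.
function canonical(claims) {
  return Buffer.from(JSON.stringify(claims, Object.keys(claims).sort()));
}

function issueCredential(claims, privateKey) {
  const proof = crypto.sign(null, canonical(claims), privateKey).toString('base64');
  return { claims, proof };
}

const revoked = new Set(); // constructed stand-in for an issuer-published revocation list

function verifyCredential(cred, publicKey, now = Date.now()) {
  const sig = Buffer.from(String(cred.proof), 'base64');
  if (!crypto.verify(null, canonical(cred.claims), publicKey, sig)) return 'bad-signature';
  if (!(Date.parse(cred.claims.expires) > now)) return 'expired'; // a missing date fails closed
  if (revoked.has(cred.claims.id)) return 'revoked';
  return 'ok';
}

// Constructed sample: proof of employment for a fictional employee.
const cred = issueCredential({
  id: 'cred-0001', subject: 'employee:alice', role: 'staff',
  issuer: 'example-corp', expires: '2999-01-01T00:00:00Z',
}, issuerKeys.privateKey);

function demo() {
  revoked.clear(); // start from a clean revocation list so the demo is repeatable
  const results = { genuine: verifyCredential(cred, issuerKeys.publicKey) };
  // A claim edited after issuance no longer matches the issuer's signature.
  const tampered = { claims: { ...cred.claims, role: 'admin' }, proof: cred.proof };
  results.tampered = verifyCredential(tampered, issuerKeys.publicKey);
  // A credential signed with any other key fails against the employer's public key.
  const other = crypto.generateKeyPairSync('ed25519');
  const forged = issueCredential(cred.claims, other.privateKey);
  results.wrongIssuer = verifyCredential(forged, issuerKeys.publicKey);
  // Offboarding: one revocation entry, and every verifier rejects the credential.
  revoked.add(cred.claims.id);
  results.revoked = verifyCredential(cred, issuerKeys.publicKey);
  return results;
}
console.log(demo());
```

The verifier never stores a shared secret: it needs only the issuer's public key and the current revocation list, so there is no password database to steal or reset.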
Integrating open-source verifiable credential technology into your existing IAM systems is relatively easy, with pre-built solutions such as Proven Works offering a fast way to get started. These systems do not require ripping and replacing existing infrastructure investments, and can help you orchestrate access to your entire suite of SaaS applications.
To see firsthand what verifiable credentials could look like at your organization, we recommend this short demonstration of Proven Works, or you can ask our team any specific questions you may have here.