A more radical approach to access security is required for organisations and businesses.
After Australia marked ‘change your password day’ as part of its National e-Security Awareness Week, GrIDsure chairman Jonathan Craymer claimed that, while the initiative should be commended, there is a need not just to look at changing passwords but to change the entire system.
Craymer said that the belief that passwords are both free and secure is a ‘common myth’ that could not be further from the truth, as the cost of a password reset can be extortionate.
Research from META Group and Gartner suggests that an average organisation sees about 6.3 password-related helpdesk calls per user, per year, and Forrester estimates that each call can cost businesses between $25 and $75 USD. On those estimates, a typical 1,000-user company could be spending between $157,500 and $472,500 every year on maintaining its ‘free’ password system.
Craymer said: “GrIDsure has spoken to enough IT managers and users across the
“These passwords usually have to be changed every 60 days and can become impossible to remember, so staff often end up writing them on a post-it note and sticking it on their monitor or under their keyboard – and how secure is that?”
Craymer believed that businesses should not ‘continue to delude themselves by thinking passwords are a low cost and secure option for authenticating individuals on to PCs, smartphones and web-based portals. They must realise that there are much more secure, cheaper and manageable systems available’.
He pointed to tokenless two-factor authentication alternatives to passwords and PINs as a more secure, easier to use and cheaper solution.