Amit: There is so much technology that is hard-wired into our legacy technologies and it will take a considerable amount of commitment and effort where we have to collectively try and make it a password-less environment. That said, we are slowly moving to a password-free environment. With the challenges being faced, organizations as well as individuals are understanding the need for security, and are at least moving towards Two-Factor Authentication (2FA) if not a password-less environment. My gut feel is that if one of the big 5 companies starts moving in that direction, others are bound to follow and accelerate the conversion rate.
Amit: While a password is still a way of authentication at most places, we need to be mindful about how we manage our password security, especially while we are using multiple services online. Users must make sure they avoid using the same password everywhere and use some sort of password management tool. If possible, then make use of 2FA wherever possible.
Becoming complacent and choosing the easiest path sometimes is driven by business decisions where organizations onboard clients with the least amount of effort and password security as well as 2FA. On the other hand, some organizations tend to address and include new and better features in their quest for better customer experiences and sometimes fail to test for security holes in the background. Additionally, legacy code that may have been written two years ago gets left out, is vulnerable and opens up so many security holes.
Amit: It’s a good time to be cognizant of password security. In fact, users should consciously look at the ten passwords which they last changed and do the needful. It should be done regularly. For a CISO it will be a good day to promote the message to their users and make it a point to share good guidelines and encourage regular password changes.