There is a really good article titled "Passwords are Obsolete" (https://medium.com/p/9ed56d483eb) by Justin Balthrop making the rounds on Medium. I agree with most of what he is saying, with a few caveats: this is going to take a very long time to change. More than years; I'm thinking decades. Since we live in a world where passwords are going to remain, let's manage them better while working on removing them.
At Bitium we deal with large organizations that have thousands of employees and hundreds of apps. Even if passwordless authentication were to catch on among developers and come into vogue tomorrow, a lot of pay phones would remain active throughout our internet city. IT Managers face huge challenges in making sure people who no longer work for their organization don't have access to any of their apps. A feature we offer at Bitium helps a great deal with this:
Sharing Access Without Sharing Passwords
You can assign apps to employees through Bitium and the end user will never even know their password. And if you revoke access and remove the employee's work email address, they have no way to access said app.
Alternate Authentication isn't a Fail-Safe
If authentication via a code sent to your phone becomes popular, we have a new challenge. People use their personal cell phone numbers for these things. No one has a work SMS # and a separate personal SMS #, or at least very few people do. We are creating a new nightmare for IT managers: ex-employees whose personal cell numbers are tied to their accounts can still access apps. You can disable someone's work email address, but you cannot disable SMS messages sent to their personal phone.
So as we enter this world of passwordless authentication, let's start with a paradigm shift. The authentication needs for web apps used in your personal life are different than the authentication needs for web apps used in your business life.
Single-Sign-On should be possible. We want companies to let employees authenticate just once (usually at the start of their day) and have access to all their apps with the click of a button (read: Password Peril: The Frontline Security Challenge in the SaaS Age). In the future, Bitium will be releasing an API to let web app developers design their systems to support this easily. Hang in there IT Managers, we got you covered.