In order to provide American citizens and organizations with better information and tools to protect their data online, The White House earlier this year released the Cybersecurity National Action Plan (CNAP). The plan “takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” A key goal of this plan is to help citizens understand that usernames and passwords simply are not strong enough to protect their data. If you saw our announcements earlier this year about moving beyond passwords, you know that we could not agree more! To promote awareness of these issues, the National Cyber Security Alliance (NCSA) launched the Lock Down Your Login campaign, with the stated goal of “empowering Americans to better secure their online accounts by moving beyond just usernames and passwords and adding an extra layer of security.”
Reading the Lock Down Your Login press release (Link no longer works), the statistic that jumped out at me is “72 percent of Americans believe their accounts are secure with only a username and password.” From a consumer standpoint, this makes sense since it is the only way most people have ever known. From retail to banking to social sites, usernames and passwords are the standard method for logging in, so they must be secure, right? The press release addresses this, too, noting that 62 percent of data breaches last year could have been prevented with strong authentication. Clearly, usernames and passwords are not enough!
Strong Authentication: The Better Way to Lock Down Your Login
In the identity world, we are all familiar with the concept of strong authentication, but I would bet this phrase is new to most consumers. They might have heard of multi-factor authentication (maybe), two-step login (a bit more likely), or “I’ll send you a code via text” (probably very likely), but we have now reached the stage where every organization needs to offer strong authentication for their online services, and perhaps they should even require it for services that deal with really sensitive information like financial and health records. And the “Lock Down Your Login” campaign should help to educate consumers to take advantage of these capabilities.
Of course, the potential downside of strong authentication is hassle. But just as it was a bit of a hassle to move from the early days of the Internet where you could easily relay mail through nearly any SMTP server without so much as a user ID, to the modern world where authentication and encryption is required for nearly everything, it is a necessary step for a connected world. And new technology innovations like Push Authentication and built-in biometric scanning on mobile phones simplifies the login process for users. Eventually, strong authentication will be the new normal.
As companies develop new applications, consolidate services, and try to provide a more personalized (and just plain better!) end user experience, strong authentication has to be a key component of the plan. With a variety of strong authentication options, including the previously mentioned Push Authentication capability, as well as comprehensive adaptive authentication capabilities, the ForgeRock Identity Platform is an ideal foundation for a secure, modern, consumer identity strategy. I am excited to see what inroads the Lock Down Your Login campaign makes in helping keep Americans’ data safer and more secure by raising awareness about better authentication.
If you would like more information about moving beyond passwords with the ForgeRock Identity Platform, check out:
Chris Kawalek is Product Marketing Director at ForgeRock.