May 3rd is World Password Day and no doubt there will be the usual assortment of stories and tutorials on how to strengthen and manage all our passwords, strong words of caution on the dangers of using weak p@$$vv0rd$, and alarming reports that “123456” and “password” are still used by anyone. All of this is useful commentary and BlackBerry wholeheartedly agrees: we all need to adopt password best practices and we encourage our customers to consider some of the password apps available from our partners at AimBrain, iDENprotect, and NoPassword.
Still, the reality is that despite very real dangers, many people are prone to continue engaging in risky behavior even when they know full well that the consequences could be personally catastrophic. And that means people remain the most imminent (if unwitting) cybersecurity threat to themselves and their employers.
But what if human behavior were instead the key to solving this problem?
That’s the idea behind “adaptive authentication”, an innovative area of exploration for BlackBerry that has only recently become possible through advances in AI and ML. We liken the concept to how your bank monitors activity on your debit and credit cards. As time passes, data is collected on purchases, vendors, and transactions to build an activity model that is used as a referential baseline. When any activity occurs that deviates from the norm of that activity model, the bank’s security system flags it as suspicious activity and takes the necessary course of action to address the flag (e.g. confirmation text messages, automated phone calls, account suspension, etc.).
Adaptive authentication functions similarly. Let’s take your corporate identity: the company knows when you log in, what network(s) you are connected to, all of the enterprise IoT endpoints you are connecting with, the services and data you consume and more. Because of the advances in computer science, we can now combine identity and security analytics to create a digital identity based on continuous, contextual authentication. Because of what is known about your working behavior, suspicious activity can be immediately flagged and you can be presented with contextually aware challenges to further prove that you are not an impostor.
With adaptive authentication we may finally be able to bury the flawed model of traditional passwords as a relic of the past, replacing them with a digital identity that is functionally impossible to clone because it makes who you are and what you do your new password. And while the technology is not yet ready for prime time, rapid advances in the science mean we are a lot closer to the end of passwords than we are to the beginning.
With that in mind, we ask that you join us in looking at World Password Day less as a time to reevaluate your passwords (though clearly many of us should) and more as a time to holistically reevaluate security strategies with an eye towards the future and what is now possible.