Limitations of Password Authentication

This paper describes security considerations for online authentication in corporate systems. In recent years, the rapid spread of digital technology throughout society and the use of cloud services in business have greatly expanded the number of occasions on which authentication is required. For example, chat and video conferencing often require logging in over the Internet. In addition to conventional in-house domains and in-house applications, the spread of SaaS such as Microsoft 365 and Salesforce is driving the increase in the number of authentications.

Username and password authentication is the method most familiar to everyone, but it has become a challenge in recent years. You will often see discussions about how passwords should be handled, such as making them longer, making them more complex, and changing them regularly. However, before any of that, authentication using a password is itself insufficient as a security measure, because an attacker can easily break through it.

In the first place, authentication is a procedure to verify that the person using the system really is who they claim to be. Imagine the procedure of opening the door of a building and entering it. In that case, the password is the watchword: "I can open the door because I can say the secret word." In other words, traditional authentication using passwords is simple. Therefore, many issues have been raised in recent years.

First, there is a research report that "80% of security breaches involve authentication information breaches." In addition, users have a large number of online accounts, with an average of 90 or more. Nevertheless, another survey found that as many as 51% of passwords were reused. And a Dark Web investigation report released in 2020 revealed that 15 billion login credentials (username and password) had been stolen from 100,000 breaches.
As you can see, there are many reports of password-related security issues, but as many as 41% of organizations still consider usernames and passwords to be one of the most effective access control tools. By continuing to rely on passwords, people remain vulnerable to many authentication attack vectors, including:

- Password list attacks
- Brute force attack mechanisms such as password spray attacks
- Phishing and social engineering
- Keystroke logging

It has been mentioned in various places that cyber attacks are also increasing during the current novel coronavirus pandemic. Akamai Technologies, which observes security infrastructure on the Internet, has observed that malware-related sites increased by 447% from March to May 2020.
Figure: Malware is increasing significantly compared to healthy categories such as chat and streaming

Now that the shift to online activity is accelerating as people refrain from going out and work from home, cyber security requires more vigilance than ever.