Every day I read another post, hear another news story, or have another conversation claiming that passwords are insecure and that PKI and digital certificates must replace them. Comparing passwords to certificates, or PKI, is not correct because:
- A password is a single component within multifactor authentication.
- Certificates and PKI are a complete infrastructure made up of many different components.
- What keeps certificates secure is how their keys are safeguarded, generated, protected, and managed.
Therefore, the correct comparison is between passwords and keys (symmetric and asymmetric). The comparison with PKI must be made against “Password Authentication Infrastructure” (PAI).
PAI may be a new acronym, but its architecture is well founded and well established since it uses many of the same components found in PKI. PAI consists of four major principles:
- Removal of the employee from the role of network security manager
- Strong, complex, long, unique passwords that change frequently
- Secure password manager that uses advanced encryption algorithms and secure communications protocols to generate and manage passwords
- Multifactor authentication
PKI utilizes the advantages of a multitude of components all working together to fully authenticate a person or device. So, who says you can’t use many of those same components to secure password authentication?
The great advantages of passwords are:
- They can be changed frequently at little to no cost
- Most software, networks, clouds and applications accept passwords
- No expensive network modifications are required to implement passwords.
The disadvantage is that we let the weakest link in the security chain manage them: the user.
Our Power LogOn is more than a password manager. It is a full-blown, enterprise-level PAI. It has received FIPS 140-2 validation from an independent NIST lab, it is very fast to fully implement without any backend server modification or hardware purchases, and, most important, it is very convenient for employees to use.
Will a strong password now keep your computers and network safe from hackers? No, but neither will PKI. Network security is made of many layers and barriers that also have to work together both in front of and behind the firewall. The first point of cybersecurity must be when the computer is first turned on and before the Operating System is fully loaded. PAI does that and so much more.
Access Smart created Power LogOn, a PAI solution where a password can be just as long and just as secure as any symmetric or asymmetric private key. Please contact Access Smart at www.access-smart.com to learn more about our amazing PAI solution.
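
To make the password-versus-key comparison concrete, here is an added example (not Power LogOn's code and not from the original post) that computes how long a generator-produced password must be to match a symmetric key of a given bit length, then generates one. It assumes the password is drawn uniformly at random from the 94 printable ASCII characters; the function names are hypothetical, and asymmetric key sizes are not modelled.

```python
import secrets
import string

# Assumption: the manager picks from 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def length_for_bits(target_bits, alphabet=ALPHABET):
    """Smallest length n with len(alphabet)**n >= 2**target_bits.

    Exact integer arithmetic is used so boundary cases (for example a
    16-symbol alphabet and a 128-bit target) are not affected by
    floating-point rounding.
    """
    size = len(set(alphabet))
    if target_bits <= 0:
        raise ValueError("target_bits must be positive")
    if size < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    keyspace = 1 << target_bits
    n, combos = 1, size
    while combos < keyspace:
        n += 1
        combos *= size
    return n


def generate_password(target_bits, alphabet=ALPHABET):
    """Uniform random password with at least target_bits of entropy.

    secrets.choice draws from the operating system CSPRNG. The entropy
    figure only holds because every character is chosen independently
    and uniformly; it says nothing about human-chosen passwords.
    """
    symbols = sorted(set(alphabet))
    length = length_for_bits(target_bits, symbols)
    return "".join(secrets.choice(symbols) for _ in range(length))


if __name__ == "__main__":
    for bits in (128, 256):
        print(bits, "bit key ~", length_for_bits(bits), "random characters")
    print("sample:", generate_password(128))
```

Under these assumptions a 128-bit symmetric key corresponds to 20 random characters and a 256-bit key to 40, lengths that are practical only when software, not the user, generates and enters the password.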