The future of passwords in the enterprise 

By Thomas Pedersen, CTO and co-founder of OneLogin

Weak passwords have plagued businesses and security parameters for generations. People tend to set passwords that are easy for them to remember without considering how a weak password will impact the security of their data. This carries over to corporate environments, where employees tend to use personal passwords. In doing so they inevitably put their corporate network at risk, as it is now far easier for cybercriminals to get hold of an individual’s personal information and, in turn, company data.

The reality is most organisations are failing to enforce even the most basic requirements when it comes to passwords, putting their business at significant risk of data breach. In fact, according to OneLogin’s research, only 31% of UK organisations require employees to rotate their passwords monthly and 52% only request password rotation once every three months. Worryingly, 14% of people rotate their passwords on a bi-annual to annual basis.[1]

The good news is that enterprise identity has two major advantages over consumer identity. The first is that an enterprise owns and manages all of its employees’ corporate identities, from the moment an employee joins an organisation to the moment they leave. When someone starts a new position, they are assigned an email address and password that ties them to the company they have joined. This is basically an employee corporate ID, providing them access to the relevant parts of the corporate network and applications. The day they leave the organisation, their email account is suspended – so they no longer have the ability to access the corporate network and applications.

The second advantage that enterprise identities have over consumer identities is that the enterprise space has identity standards, such as Security Assertion Markup Language (SAML), that allow a large ecosystem of players to collaborate seamlessly. This standard is supported by thousands of enterprise applications and eliminates the need for user passwords. For example, once an organisation enables SAML for a cloud application like Salesforce, its users can no longer sign in with a password. When an employee tries to sign in to their organisation’s Salesforce account, Salesforce instead redirects the user to that organisation’s identity provider, which authenticates the user and then signs the user into Salesforce using the SAML protocol. This creates a safer and more seamless environment for employees. Without the worry of replacing and reusing passwords, employees and enterprises can trust the SAML procedure to authenticate users effectively.

Without getting too technical, SAML eliminates passwords by replacing all the users’ passwords with a digital certificate, which has been issued by the organisation’s identity provider. When the identity provider signs a user into an application such as Salesforce, it generates a so-called SAML assertion, which is a digitally signed XML document that contains the user’s identity among other things. Salesforce can then use the digital certificate to verify that the signature is valid and extract information about the user’s identity. To use ourselves as an example, all important cloud apps we use at OneLogin support SAML, both on web and mobile, which means that employees don’t have to remember any app-specific passwords. All they have to remember is their OneLogin password, which is protected by multi-factor authentication.

It is no secret that everyone hates passwords. Stories around password hacking always grab the news headlines since they are crucial in the safety and development of internet security. In fact, it was revealed in the media that Facebook has stored millions of passwords that are not protected by any encryption[2]. The harsh reality is that many organisations are failing to adhere to continuous security changes – putting their customers’ data and privacy at risk every time they allow security to fall through the cracks. Essentially, if a customer uses a weak password on a corporate network, they are not just putting themselves at risk, they are jeopardising the whole corporate network.

Of course, it is fair to say that we still have a long while to go until passwords are completely gone forever; it is unlikely to happen anytime soon. Passwords are crucial to the safety of the evolving technology industry; they are secure and reliable with new technology processes.

In summary, the harsh truth is that consumers are going to have to deal with passwords for a long time. However, thanks to the ‘SAML’ standard and easy-to-deploy Identity-as-a-Service solutions like OneLogin, enterprises do have the option to eliminate the need for most of their employee passwords.