“Unfortunately, this is analogous to rearranging deck chairs on the Titanic,” Arshad Noor, CTO of StrongKey, told SecurityWeek. “Passwords are not just old, they are ancient – created for the mainframe to enable chargeback controls for time-sharing in the 1960s. That multi-billion-dollar companies continue to use this archaic technology to protect a multi-trillion-dollar economy is an anachronism of the 21st century. I would strongly encourage Citrix – and others – to look at FIDO Alliance’s new protocol (FIDO2) towards eliminating passwords entirely from their web and mobile infrastructure; it is a 21st century technology designed for a 21st century landscape.”
(Via SecurityWeek RSS Feed)
The Citrix breach is nothing new. In fact, Citrix did what everyone seems to do these days: a global password reset instead of fixing the underlying problem. There are far better ways to authenticate users today, and it would be good to see companies leverage them to improve their customers’ security.
The quote above sums things up nicely. There is no perfect solution, but there are better ones, and that should be the goal.