The Journey to Being Truly Passwordless
Susan Koski on the Problem With Passwords, the Promise of Authentication Analysis
While multifactor authentication helps solve some of the problems with passwords, we still need to get to being truly passwordless, said Susan Koski, CISO and head of enterprise financial security at PNC Financial Services Group. She said adopting the FIDO standards, using zero trust and relying on authentication analysis can all help speed the journey.
Koski said the problem with passwords is that "criminals know how to trick humans into getting them," and people reuse their passwords, making them fundamentally insecure. "FIDO gives us ... nonphishable authentication that is cryptographically secure and puts the biometrics into the user's device so they don't have to remember all these things and they can eventually get rid of the password."
Authentication analytics solutions can play "an incredible role," Koski said, by obtaining analytics about a user's device and behaviors, which can be used to determine when to add extra friction to a transaction that seems to contain anomalous behavior.
In this video interview with Information Security Media Group at RSA Conference 2023, Koski also discusses:
- Using authentication analytics with zero trust to determine ID risk scores for employees;
- Encouraging people to have device recovery;
- Why "password resets should go away."
Koski is responsible for information security strategy, digital identity for customers and the workforce, data protection, vulnerability management, threat intelligence, and security incident management, among other areas. She previously served in executive leadership roles with BNY Mellon, Synovus and Aetna.