Usernames & passwords: Will they soon be obsolete?
January 15, 20215:44 pm
2 min read
Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne
When you look back at what happened in 2020, we know that people started to work from home in droves. Of course, this taxes the federal systems administrators to come up with ways for people to log in remotely. The key component of this process is identification.
Sean Frazier, federal CSO at Okta, specializes in identity management, has been around for eleven years, and has a strong federal presence.
Frazier joined host John Gilroy on this week’s Federal Tech Talk and reviewed efforts from NIST to discuss identity management, lifecycle management, as well as some of the challenges of identification for Robotic Process Automation (RPA).
The change to the cloud is taxing the ability of all identity services. One may have to work through identification systems for public clouds, private clouds and hybrid clouds. Frazier suggests that the traditional paradigm of username and password are outdated concepts. Username and password were concepts in the early days of the internet, they were not designed for security.
NIST has several publications that address the issue of identification. Some may consider a password management application, but this disguises the problem. Today’s identification management systems must rely on much more the credentials provided by a user.
Most systems do not consider aspects of identity management like when a person leaves an agency or when they transfer agencies. During the interview, Frazier expands on a concept from software development called “lifecycle management” for managing identification.
It is not just humans we have to worry about – Robotic Process Automation requires bots to have application credentials. This takes the concept of username and password and makes it look ridiculous.