Passwords are broken, says KPMG
'Weakest link' in security chain could and should be ditched in coming years, KPMG's cybersecurity boss predicts
KPMG has called for passwords to be ditched as it reeled off its annual list of predictions for the cybersecurity industry.
David Ferbrache, technical director at KPMG's cybersecurity practice, said he would "dearly love" to see his prediction that passwords will be abandoned in favour of "a more sophisticated approach" to authentication come true in 2016.
He also predicted that 2016 will be the year in which terrorists begin to deploy cyberattacks, and extortion attacks make a comeback.
Ferbrache admitted any password apocalypse is unlikely to occur in 2016 but held out hope that it may come "in a few years".
"Passwords are broken! They have become one of the weakest links in our security chain. People are being forced to adopt more and more convoluted passwords, while simultaneously trying to avoid the temptation to reuse those super-strong passwords," he said.
"It is high time we moved to a more sophisticated approach of authenticating people which blends biometrics, behavioural analysis and contextual information rather than relying on knowledge of a single, increasingly user-unfriendly password."
Ferbrache also warned that it is "inevitable" that terrorist organisations will explore and exploit cyberattacks in 2016.
"While these attacks are likely to lack the visceral impact of the tragic bombings and shootings which have become all too common, they are likely to become more frequent in our increasingly interconnected and interdependent world," he said.
Firms will also finally begin to recognise that a well-resourced cybercriminal will find a way in, regardless of the robustness of their defences, Ferbrache added.
"Many businesses now accept the likelihood of a data breach and are turning their attention to what a cyber incident might actually mean for their business, and just how they can restore and maintain client and customer confidence if and when they are hit - an issue for the whole C suite, not just the CIO," he said.