
The Journey to Being Truly Passwordless

Susan Koski on the Problem With Passwords, the Promise of Authentication Analysis
Susan Koski, CISO and head of enterprise financial security, PNC Financial Services Group

While multifactor authentication helps solve some of the problems with passwords, we still need to get to being truly passwordless, said Susan Koski, CISO and head of enterprise financial security at PNC Financial Services Group. She said adopting the FIDO standards, using zero trust and relying on authentication analysis can all help speed the journey.


Koski said the problem with passwords is that "criminals know how to trick humans into getting them," and people reuse their passwords, making them fundamentally insecure. "FIDO gives us ... nonphishable authentication that is cryptographically secure and puts the biometrics into the user's device so they don't have to remember all these things and they can eventually get rid of the password."

Authentication analytics solutions can play "an incredible role," Koski said, by obtaining analytics about a user's device and behaviors, which can be used to determine when to add extra friction to a transaction that seems to contain anomalous behavior.

In this video interview with Information Security Media Group at RSA Conference 2023, Koski also discusses:

  • Using authentication analytics with zero trust to determine ID risk scores for employees;
  • Encouraging people to have device recovery;
  • Why "password resets should go away."

Koski is responsible for information security strategy, digital identity for customers and the workforce, data protection, vulnerability management, threat intelligence, and security incident management, among other areas. She previously served in executive leadership roles with BNY Mellon, Synovus and Aetna.

About the Author

Jeremy Grant


Former Sr. Executive Advisor, NIST; Managing Director, Technology Business Strategy, Venable

Grant is a managing director at Venable, where he works with the firm's clientele to develop growth strategies, identify market solutions and advise on policy impacts across information technology, cybersecurity and government services. In this role, Grant utilizes his diverse background and deep understanding of business, technical and policy issues around identity, privacy and cybersecurity, having served in a range of leadership positions spanning government and industry. Prior to joining Venable, Grant established and led the National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC), the first new cybersecurity program launched by the Obama administration. Housed in the National Institute of Standards and Technology (NIST), Grant led the administration's activities across private and public sectors to drive a marketplace of more secure, privacy-enhancing identity solutions for online services.
