In 14th Century England, entering a private or protected place might have been possible through a pre-determined code of knocks on the door, or a code word used by any individual attempting to gain access.This code, or ‘password’,might change on occasion, but usually only after it fell into the wrong hands. Authentication was also achieved by other means, such as requiring entrants to produce a letter with a wax seal of their kingdom or lord.
There was no need to keep a dedicated record of the individuals who knew the secret in order to validate their identity and right to gain access – that one shared secret was proof enough. Meeting places changed, ciphers were created, but proof of one’s identity was relatively simple and trusted.
Throughout the course of history, symbols, words, phrases, keys, and secret codes have been assigned to individuals and groups to authenticate and gain access to a large array of places. From castles, fortresses, and hideaways, to rebel meetings and private organizations - the uses for a shared secret were vast. Then the digital age arose and the uses for a shared secret became nearly boundless.
Fast-forward to the present and, with the proliferation of computers and networks, access is still primarily granted through the use of passwords. While the notion of a shared secret or a password has remained, the security of that secret has changed drastically. Although passwords and codes have become unique to each individual, they can still be lost or forgotten – making them less secure than one might hope, and leading to a rise in demand for stronger security and authentication.i
Now that organizations possess numerous web applications, and a continually growing repertoire of cloud applications are being added each and every day, the need to address the growing complexity and frustration of identity management is at an all-time high. Knowing the secret is no longer proof of identity – it is no longer enough to grant you access to the secret meeting. Private and corporate information is too verbose, and far too valuable to be secured by something so simple. Unfortunately, it is the individual who pays the price for this increase in security.
However, despite popular belief, the future may not necessarily see the death of the pass- word or ‘secret code’ – especially with new strides in Single Sign-on technology being made to reduce password related stress and fatigue. SSO allows for the user to access all apps by authenticating once to a central, trusted authority using a single secret code: The Active Directory password.