Password authentication

The list of most commonly used passwords doesn’t change much from year to year. Perhaps in the top three it’s always a battle between “12345”, “asdfjk;”, and “abc123”, but for the most part, nothing new is introduced. For years it’s been said that the password is nearing its death, and with biometric technology and two-factor authentication entering the mix, it’s getting there. But one security expert has actually taken unprecedented steps in ensuring that passwords are replaced.

By implementing a behavior-based security system at Aetna, Chief Security Officer Jim Routh has a better view into what devices employees at Aetna use, and how they use them. When it comes to authentication in the enterprise, Routh believes that binary controls are no longer a reliable way to determine whether somebody gets into an application or not. Authentication has turned into a continuous process that runs throughout a user’s electronic interactions.

“It’s a foundational change and it’s largely being driven by the obsolescence of passwords,” Routh told InfoSec Insider during a recent interview. “Passwords are built on the foundation of assuming that you’re the only one that knows your password. That assumption is no longer valid.”

In the recent video interview below, Routh discusses why he believes passwords are obsolete, how he’s done away with them at Aetna, and why and how security managers can take a similar approach.


The upcoming Security Leadership Exchange in Ponte Vedra Beach, Florida is the perfect opportunity to learn more about this topic and gain more insight into Jim's approach to security. Join Jim and other featured speakers at this exclusive event aimed at chief security officers.