Is the password here to stay as the core of personal digital security?


In 2004, Bill Gates predicted the death of the password, envisioning the mass adoption of more secure systems. Much like the paperless office, the end of the password has yet to materialise.

Recently, Netflix announced it was cracking down on password sharing to combat slowing revenue growth. This change is going to affect many accounts, as 79% of Americans share passwords. However, users have a lax attitude towards security, with only 13% worried about identity theft. With this in mind, cybersecurity experts Ping Identity uncover what the future of passwords looks like for businesses and consumers alike.

The Advantages and Disadvantages of Passwords

Passwords are the default method of authentication, and it’s not because of security or user experience. Passwords are simply ingrained in our mindsets and in the processes developers follow in building applications and services. Let’s review the pros and cons of passwords.

Password Advantages

  • Easy to implement
  • Cheap to run 
  • No intricate hardware or software to maintain
  • Self-service resets/account recovery

Password Disadvantages

  • Difficult to remember and/or easy to guess
  • Creates significant login friction
  • Storing passwords is onerous and presents an attractive target for attackers
  • Password requirements lead to lost revenue with abandoned carts/registrations
  • Increased helpdesk costs 

More than half of users and IT specialists would prefer an alternative method in the protection of their accounts. 

Passwordless

Passwordless authentication provides a safer, easier method of logging in using methods other than standard passwords. Examples include biometrics, security keys and trusted devices.

What Are the Benefits of Passwordless Authentication?

When we minimise our reliance on passwords, we can diminish the risk of security breaches. Passwords are the most popular attack vector for malicious actors because they are easy to crack. Passwordless options make it far more expensive and difficult for cyber criminals to succeed, thereby reducing your security risk. User experience can also be improved with the use of passwordless authentication, which has a net positive effect on revenue. 

Biometrics

Biometrics are an increasingly common part of our daily lives. Fingerprint and face recognition tools are omnipresent in mainstream technology. Optical scanning, voice recognition and even heart rate monitoring are also gaining traction as forms of device and account protection. Biometrics are an attractive alternative to passwords because they make access quicker and less frustrating for users and harder for criminals.

Pros:

  • Biometrics are very difficult to steal or replicate due to their unique patterns and qualities. 
  • Biometric tools are mostly high-quality technology that’s easy and intuitive to use.
  • Biometrics are embedded in most new devices.

Cons:

  • It is not impossible to steal or replicate a person’s fingerprint, face, voice or signature. 
  • Iris scanners are expensive and can be tricky to use. If you move slightly while the scanner is working, or stand too far away from it, the technology may not work.
  • User privacy concerns are greater.

Change Password If Breached

Shockingly, only 45% of Americans would change their passwords after a breach. Changing your password if compromised is essential in the security of your accounts. NIST's latest guidance suggests that changing passwords once per year is sufficient unless you know the password is compromised, in which case immediate action must be taken.

Don’t Reuse Passwords

Microsoft found that over 40 million users reused passwords, while a study by LastPass revealed that employees reuse a password an average of 13 times. Reused passwords can represent a huge risk because once one of your accounts has been compromised, every place you have used these credentials is also at immediate risk. SSO is also widely used, especially for social media logins. Although not as insecure as using multiple passwords for different accounts, SSO must be implemented in unison with other secure login capabilities. 

Don’t Share Too Much Online

Cyber criminals have become increasingly proficient at understanding the behaviors of online users. If you spend time on social media, you will have come across quizzes, which are often designed to acquire private information in order to hack your account. These quizzes can often ask for information such as your pet's name, your kid's name, or your favorite books or movies. Avoid clicking on these quizzes, even if you know the sender. 

Use a Password Manager 

A password manager will help you to keep track of your passwords, yet only 24% of people use one. These tools will help you generate and store your credentials securely. 

Find Out If Your Passwords Have Been Stolen

Password dumper malware is the most common form of malware, accounting for almost 40% of malware-related breaches. Additionally, 80% of hacking breaches are linked to passwords, which reinforces the fact that you should keep track of whether your data has been compromised. By signing up for data breach notifications from a service such as Have I Been Pwned, you can find out whether you need to take preventative action before it’s too late.

Use MFA Verification

Multi-Factor Authentication (MFA) can help to secure your account. By using MFA, you can make your account 99.9% less likely to be compromised. 

Zain Malik at Ping Identity comments: “Although there is no form of account protection truly impervious to hacking, passwordless is the least prone to successful cyberattacks. In the last two years, cyberattacks have increased to never before seen levels, averaging at 925 cyber attacks a week per organisation, meaning implementing passwordless authentication is more important than ever before. While passwords have entropy, the same cannot be said for biometric data. We need to keep an eye on AI, deep fakes and advances in breaking encryption, as they will pose a threat to password replacements.”
