Th3 L0ng SlOw D3ath Of Th3 Passw0rd
Thu 7 May 2020 | Jon Lucas
On World Password Day, Jon Lucas asks if we could soon see the death of the password
Some have them openly saved on a notepad. Others prefer to add them as a random contact on their mobile phone. A few try to remember them off by heart – but ultimately most people have to go through the rigmarole of resetting passwords on a regular basis.
Since the early days of computing back in the 1960s, passwords have been the go-to method for computer security. They are simple and straightforward to implement, enabling a user to keep files and data secured by requiring a specific and unique string of characters for access.
Naturally, 60 years ago the world wasn’t nearly as connected as it is today. Fast-forward to 2020 and you have sensitive services such as online banking and shopping relying heavily on password access. And, with so much of our lives happening on digital platforms – especially in times when the global norm is to stay in – it’s no wonder that virtual accounts have become magnets for cybercriminals.
Despite the leaps and bounds made in computer technology over the past 20 years, the need for passwords and logins to access sensitive information continues across both enterprise and consumer platforms. And yet, every day, tens of thousands of users still struggle to remember that elusive combination of letters, numbers and symbols to access the service that they need.
User identification with passwords and PINs seems to be nothing less than a memory challenge: they are set to escape your mind the moment you come up with them. Consequently, some users set passwords that are simple to remember – name followed by year of birth (Jon1989), a series of characters (123456), and “password”, to mention a few – ultimately making their accounts more susceptible to breaches, at their own peril. A considerable number also use the same password for multiple accounts.
Whilst making passwords less challenging to recall, users are also making them less challenging for hackers to steal. Not to mention the curse of crafty phishing games on social media asking for your favourite colour, name of your first pet or your mother’s maiden name in order to hack a potential route into your sensitive accounts.
It’s clear that passwords are the weakest link in cyber security. Yes, they are easy to implement. But at what cost to the user and the industry as a whole?
Just take a look at headline breaches. On closer examination, you’ll see that in most cases the attack vector has been the password. In fact, Verizon’s Data Breach Investigations Report states that 81% of data breaches are caused by compromised, weak or reused passwords.
LinkedIn’s 2012 data breach, for instance, exposed the personal information of 167 million user accounts that have reportedly been up for sale on the dark web ever since. Users had their accounts hacked and data exposed as a result of both weak password choices and a failure on LinkedIn’s part to protect its members’ information.
When you consider that most users use the same password across multiple platforms, the compromised data could lead to even greater security risks.
To improve digital security without relying on people’s memory, tech companies are investing in stronger solutions to access information at both personal and professional levels.
With the use of smartphones continuing to rise, most users are already familiar with advanced biometric security options such as face recognition and fingerprint scanning. Unlike passwords, biological passcodes cannot be shared, forgotten or stolen, ensuring fast and reliable access to accounts. Biometrics combined with multi-factor authentication is probably the best alternative to passwords, as it eliminates the hassle associated with them, making identification a more convenient experience.
Also known as two-step verification or dual-factor authentication, two-factor authentication adds an extra layer of security to login attempts by working as a secondary identifier. Typically, it involves clicking on a link sent to a phone number or email address to make sure that people trying to gain access to an online account are who they say they are. However, it is important to highlight that it doesn’t eliminate the need for a password.
Password managers work like an online wallet to store passwords to your accounts. Like two-factor authentication tools, they don’t eliminate the use of passwords. However, they help by not only generating strong passwords but also keeping them secure and encrypted. The only password users need to remember is the one to access the password manager itself. In that sense, choosing a reliable password manager is crucial. There are many options on the market, and users should assess which ones best suit both their needs and their wallets.
The slow death of the password
With different tools either allowing for passwordless security or adding extra layers of protection, I wouldn’t be surprised to see the death of the password decreed in a few years. Of course, there’s still much chatter around which will be the universal password ‘killer’ – if there ever will be one. And there are also those who believe passwords will be lurching on for some time to come.
It’s important to always be prepared for the “just in case”. Following best practices such as using strong passwords, biometrics and multi-factor authentication goes without saying. If you’re a business manager, I recommend promoting cyber security awareness in the workplace and focusing on the importance of password management. Assess whether you have a robust cyber security system in place and follow the tips shared above. In the meantime, the rule of thumb is – stay safe.