As 90 per cent of internet users are worried about getting their passwords hacked, is the password here to stay as the core of personal digital security? With this in mind, cybersecurity experts at Ping Identity uncover what the future of passwords looks like for businesses and consumers alike.
In 2004, Bill Gates predicted the death of the password, envisioning the mass adoption of more secure systems. Much like the paperless office, the end of the password has yet to materialise, but many alternatives are widely available that can replace, enhance, or complement passwords. Even so, passwords are still the primary method of authentication for the majority of applications.
The advantages and disadvantages of passwords
Passwords are the default method of authentication, and it’s not because of security or user experience. Passwords are simply ingrained in our mindsets and in the processes developers follow in building applications and services. Let’s review the pros and cons of passwords.
Pros:
- Easy to implement
- Cheap to run
- No intricate hardware or software to maintain
- Self-service resets/account recovery
Cons:
- Difficult to remember and/or easy to guess
- Creates significant login friction
- Storing passwords is onerous and presents an attractive target for attackers
- Password requirements lead to lost revenue with abandoned carts/registrations
- Increased help desk costs
What makes a password strong?
No password is bulletproof. Although long, complex passwords reduce the risk of account compromise, they are still susceptible to techniques like phishing and keylogging. However, there are certain actions you can take in setting passwords to increase your levels of online safety:
- Password length: Every character counts when it comes to building your password. Your password should ideally consist of at least 12 characters, as a 12-character password takes 62 trillion times longer to crack by brute force than a six-character one.
- A combination of upper- and lowercase letters, numbers, and symbols: Using only lowercase letters in a six-character password gives about 3 × 10^8 possible combinations. A 12-character password drawing on lowercase and uppercase letters, numbers, and symbols gives about 19 × 10^21 possibilities.
- No ties to your personal information: 59 per cent of users include their name or birthdate in their password, a huge mistake when aiming for optimal security. Even when using a sufficiently large number and variety of characters, the majority of Google users include personal information such as their birthdate or the name of their pet, spouse, children, or even themselves.
- No dictionary words: This one speaks for itself: If a word can be easily looked up in a dictionary, it will be exceptionally easy for a hacker to decipher.
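The four rules above can be turned into a small checker that also reproduces the keyspace arithmetic the article quotes. This is an added example written for this page, not Ping Identity's code; the symbol count of 10 (giving a 72-character alphabet) is an assumption, chosen because it reproduces the article's 19 × 10^21 figure, and the personal-information and dictionary lists a caller passes in are placeholders for whatever data a real deployment would use.

```python
import math
import re

# Alphabet sizes used by the article's arithmetic. SYMBOLS = 10 is an assumption
# (the article does not say how many symbols it counts); 26+26+10+10 = 72 symbols
# reproduces its "19 x 10^21" figure for a 12-character password.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 10

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def keyspace(alphabet_size, length):
    """Number of distinct passwords of `length` characters over an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy in bits of a password drawn uniformly at random from that keyspace."""
    return length * math.log2(alphabet_size)


def alphabet_size_of(password):
    """Smallest class-based alphabet (lower/upper/digits/symbols) that could have produced the password."""
    size = 0
    for pattern, class_size in zip(CLASS_PATTERNS, (LOWER, UPPER, DIGITS, SYMBOLS)):
        if re.search(pattern, password):
            size += class_size
    return size


def check_password(password, personal_info, dictionary):
    """Return the list of the article's four rules that `password` fails (empty list = passes).

    personal_info: strings such as a name, birth year or pet name (hypothetical caller-supplied list).
    dictionary:    set of lowercase dictionary words (hypothetical caller-supplied set).
    """
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes_present = sum(bool(re.search(p, password)) for p in CLASS_PATTERNS)
    if classes_present < 4:
        problems.append("does not mix upper, lower, digits and symbols")
    lowered = password.lower()
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information: " + item)
    for word in dictionary:
        # Only words of 4+ letters are checked; shorter fragments match almost anything.
        if len(word) >= 4 and word in lowered:
            problems.append("contains dictionary word: " + word)
    return problems


if __name__ == "__main__":
    six_lower = keyspace(LOWER, 6)
    twelve_mixed = keyspace(LOWER + UPPER + DIGITS + SYMBOLS, 12)
    print("6 lowercase chars:   %.2g combinations (%.1f bits)" % (six_lower, entropy_bits(LOWER, 6)))
    print("12 mixed chars:      %.2g combinations (%.1f bits)" % (twelve_mixed, entropy_bits(72, 12)))
    print("ratio:               %.1f trillion" % (twelve_mixed / six_lower / 1e12))
    sample_info = ["Fluffy", "1990"]          # constructed personal data for the demo
    sample_dict = {"password", "welcome"}     # constructed mini dictionary
    for pw in ("Fluffy1990", "xK9#vQ2$mW7&pL"):
        print(repr(pw), "->", check_password(pw, sample_info, sample_dict) or "passes all four rules")
```

The ratio printed is about 62.8 trillion, which is where the article's "62 trillion times longer" comes from: it is purely the size of the keyspace, and says nothing about phishing or keylogging, which bypass guessing altogether.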
Change password if breached
Shockingly, only 45 per cent of people would change their passwords after a breach. Changing your password if compromised is essential in the security of your accounts. NIST’s latest guidance suggests that changing passwords once per year is sufficient unless you know the password is compromised, in which case immediate action must be taken.
Don’t reuse passwords
Microsoft found that over 40 million users reused passwords, while a study by LastPass revealed that employees reuse a password an average of 13 times. Reused passwords can represent a huge risk because once one of your accounts has been compromised, every place you have used these credentials is also at immediate risk. SSO is also widely used, especially for social media logins. Although not as insecure as using multiple passwords for different accounts, SSO must be implemented in unison with other secure login capabilities.
Don’t share too much online
Cybercriminals have become increasingly proficient at understanding the behaviours of online users. If you spend time on social media, you will have come across quizzes, which are often designed to acquire private information in order to hack your account. These quizzes can often ask for information such as your pet’s name, your kid’s name, or your favourite books or movies. Avoid clicking on these quizzes, even if you know the sender.
Use a password manager
A password manager will help you to keep track of your passwords, yet only 24 per cent of people use one. These tools will help you generate and store your credentials securely.
Find out if your passwords have been stolen
Password dumper malware is the most common form of malware, accounting for almost 40 per cent of malware-related breaches. Additionally, 80 per cent of hacking breaches are linked to passwords, which reinforces the fact that you should keep track of whether your data has been compromised. By signing up for data breach notifications from a service such as Have I Been Pwned?, you can find out whether you need to take preventive action before it’s too late.
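Breach notification services also let you check whether a specific password has already appeared in a breach without revealing that password to them. The example below, added for this page and not code from Ping Identity or from Have I Been Pwned, shows the k-anonymity scheme used by the Pwned Passwords range API: only the first five hex characters of the password's SHA-1 hash are sent, the service returns every hash suffix in that range with a breach count, and the match is made locally. The range response embedded in the block is constructed so the check runs offline; `fetch_range` is the live variant and needs network access.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix sent
    to the service and the 35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse the 'SUFFIX:COUNT' lines a range response contains into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.strip().upper()] = int(count.strip())
    return counts


def pwned_count(password, range_lookup):
    """Number of times the password was seen in breaches (0 = not in the range).

    range_lookup(prefix) must return the response text for that 5-char prefix;
    the full password and its full hash never leave this function.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range(range_lookup(prefix)).get(suffix, 0)


def fetch_range(prefix):
    """Live lookup against the real API (network required)."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "pw-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline sample standing in for a real range response. Real responses
# hold hundreds of suffixes; this one has two obviously fake suffixes plus the real
# suffix of the string "password" with a made-up count, so the check can be
# exercised without a network connection.
_PW_SUFFIX = sha1_prefix_suffix("password")[1]
SAMPLE_RANGE = "\n".join([
    "A" * 35 + ":1",
    "B" * 35 + ":2",
    _PW_SUFFIX + ":1234567",   # count is constructed for this example
])


def offline_lookup(prefix):
    """Offline stand-in for fetch_range: returns the constructed sample for any prefix."""
    return SAMPLE_RANGE


if __name__ == "__main__":
    for pw in ("password", "xK9#vQ2$mW7&pL"):
        n = pwned_count(pw, offline_lookup)
        print(repr(pw), "->", "seen %d times" % n if n else "not in sample range")
```

Swap `offline_lookup` for `fetch_range` to query the real service; because the service only ever sees a five-character prefix shared by hundreds of hashes, a logged request does not identify which password was checked.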
Zain Malik at Ping Identity comments, “Although there is no form of account protection truly impervious to hacking, passwordless is the least prone to successful cyberattacks. In the last two years, cyberattacks have increased to never-before-seen levels, averaging 925 cyberattacks a week per organisation, meaning implementing passwordless authentication is more important than ever before. While passwords have entropy, the same cannot be said for biometric data. We need to keep an eye on AI, deep fakes and advances in breaking encryption, as they will pose a threat to password replacements.”