While 90% of Internet users fear having their passwords hacked, is the password here to stay at the heart of personal digital security? With this in mind, cybersecurity experts at Ping Identity look at what the future of passwords holds for businesses and consumers.
In 2004, Bill Gates predicted the death of the password, envisioning the mass adoption of more secure systems. Much like the paperless office, the end of the password has yet to materialize, but many alternatives are widely available to replace, improve, or supplement passwords. However, passwords are still the primary method of authentication for the majority of applications.
The pros and cons of passwords
Passwords are the default authentication method, and it’s not because of security or user experience. Passwords are simply ingrained in our mindsets and in the processes developers follow to build apps and services. Let’s review the pros and cons of passwords.
Benefits of passwords
- Easy to implement
- Cheap to run
- No complex hardware or software to maintain
- Self-Service Resets/Account Recovery
Disadvantages of passwords
- Difficult to remember and/or easy to guess
- Creates significant login friction
- Storing passwords is expensive and presents an attractive target for attackers
- Password requirements lead to lost revenue with abandoned carts/records
- Increased help desk costs
What makes a strong password?
No password is bulletproof. Although long and complex passwords reduce the risk of account compromise, they are still susceptible to techniques such as phishing and keylogging. However, there are some steps you can take when setting passwords to increase your level of online security:
- Password length: Every character is important when it comes to creating your password. Your password should ideally be at least 12 characters long, because a 12-character password takes 62 trillion times longer to crack than a six-character password.
- A combination of uppercase and lowercase letters, numbers, and symbols: Using all lowercase letters alone in a six-character password would present 3 x 10^8 possibilities for a password combination. However, using a 12-character password containing lowercase and uppercase letters, numbers, and symbols would present 19 x 10^21 possibilities.
- No connection to your personal information: 59% of users include their name or date of birth in their password, a huge mistake when aiming for optimal security. Even using a sufficiently large number and variety of characters, the majority of Google users include personal information such as their date of birth or the name of their pet, spouse, children or even themselves.
- No Dictionary Words: This one speaks for itself: if a word can be easily looked up in a dictionary, it will be exceptionally easy for a hacker to decipher.
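The four criteria above can be turned into a small checker. This is an added example, not code from Ping Identity; the 10-symbol pool (which makes a 72-character alphabet and reproduces the figures quoted above), the sample wordlist and the function names are assumptions made for illustration.

```python
import string

SYMBOL_COUNT = 10  # assumption: 26 + 26 + 10 + 10 = 72 matches the 19 x 10^21 figure
DICTIONARY = {"password", "dragon", "sunshine", "monkey", "welcome"}  # constructed sample
LEET = str.maketrans("013457@$!", "oleastasi")  # undo common character substitutions


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += SYMBOL_COUNT
    return size


def keyspace(length, pool):
    """Number of candidate passwords of this length over a pool of characters."""
    return pool ** length


def audit(password, personal=()):
    """Check the four criteria; an empty list means all of them pass."""
    findings = []
    # Match against the lowercased form and a de-substituted form (P@ssw0rd -> password).
    haystacks = (password.lower(), password.lower().translate(LEET))
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    if alphabet_size(password) < 72:
        findings.append("missing a character class")
    for token in personal:
        if len(token) >= 3 and any(token.lower() in h for h in haystacks):
            findings.append("contains personal detail: " + token)
    for word in sorted(DICTIONARY):
        if any(word in h for h in haystacks):
            findings.append("contains dictionary word: " + word)
    return findings


if __name__ == "__main__":
    print(keyspace(12, 72) // keyspace(6, 26))  # ratio behind "62 trillion times"
    print(audit("P@ssw0rd2024"), audit("Rex1987!", personal=["Rex", "1987"]))
```

A password such as P@ssw0rd2024 meets the length and character-mix rules yet still fails, because undoing the substitutions exposes a dictionary word.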
Change password if breached
Surprisingly, only 45% of people would change their password after a breach. Changing your password if it is compromised is essential for the security of your accounts. NIST’s latest guidelines suggest that changing passwords only once a year is sufficient unless you know the password is compromised, in which case immediate action should be taken.
Do not reuse passwords
Microsoft found that more than 40 million users reuse their passwords, while a study by LastPass revealed that employees reuse a password an average of 13 times. Reused passwords can be a huge risk because once one of your accounts has been compromised, every place you’ve used those credentials is also at immediate risk. SSO is also widely used, especially for social media logins. While not as dangerous as using multiple passwords for different accounts, SSO should be implemented in unison with other secure login capabilities.
Don’t share too much online
Cybercriminals have become increasingly adept at understanding user behaviors online. If you spend time on social media, you will have come across quizzes, which are often designed to acquire private information in order to hack your account. These quizzes can often ask for information such as your pet’s name, your child’s name, or your favorite books or movies. Avoid clicking on these quizzes, even if you know the sender.
Use a password manager
A password manager will help you keep track of your passwords, but only 24% of people use one. These tools will help you generate and store your credentials securely.
Find out if your passwords have been stolen
Password dump malware is the most common form of malware, accounting for nearly 40% of malware-related breaches. Moreover, 80% of hacks are related to passwords, which reinforces the fact that you need to know if your data has been compromised. By subscribing to data breach notifications such as Have I Been Pwned?, you can find out if you need to take preventative action before it’s too late.
Zain Malik at Ping Identity comments, “While there is no truly hacker-proof form of account protection, passwordless is the least prone to successful cyberattacks. Over the past two years, cyberattacks have reached unprecedented levels, with an average of 925 cyberattacks per week per organization, meaning the implementation of passwordless authentication is more important than ever. While passwords have entropy, the same cannot be said for biometric data. We need to keep an eye on AI, deep forgers, and progress in breaking encryption, as they will pose a threat to password replacements.”