Nobody enjoys passwords. They are inconvenient for all of us. Interestingly, some companies and specific products and services are moving away from using them. Passwordless systems and strategies are popping up in many technology discussions.
It’s clear that tech companies are eager for a passwordless world
Many companies like Google, Apple, and Microsoft, are exploring new authentication technologies like biometrics and other multi-factor authentication (MFA) methods like authentication tokens or authentication apps that might make them a thing of the past.
Google has allowed Pixel devices and Android 7+ device users to verify their identity with their fingerprint or screen lock instead of a password when accessing certain Google services. Check out this article about them from Google: One step closer to a passwordless future
Apple has introduced Passkeys replacing password-based logins with Face ID, Touch ID, or a security key. Hear what Apple has to say here:
Microsoft declared that the passwordless future has arrived for Microsoft accounts. Instead, users can now remove passwords from their Microsoft accounts and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email to sign in to Microsoft.
How did we get here? Why the push for a passwordless world?
For a long time, passwords have been a big part of the computer and network security. But, tech and cyber security specialists are seeing and understanding some of the risks associated with traditional passwords.
- They can be burdensome: Most people use about 100+ passwords, and for people in business, their work-related passwords create even more passwords they have to remember and manage.
- While password managers allow people to add their passwords to a secure vault, some consumers don’t trust password managers. This forces users to commit passwords to memory, which is why many workers defy password recommendations by creating weak, easy-to-recall passwords.
- They can be a major security risk (it is estimated that 1 million passwords are stolen weekly)
- Weak ones can be very expensive for businesses and organizations. The theft of a single password can enable a data breach.
But despite these dangers, passwords are still one of the most effective protections that individuals and companies use to keep their data safe … especially with so many people working remotely. And, although many new authentication methods have become available, they are still the most common method of authentication.
Where are we headed with Passwords?
Additional multi-factor authentication and biometrics are the most likely authentication methods to replace today’s passwords. These authentication methods add an extra layer of security to accounts and devices. These changes will force cyber criminals and hackers to change their tactics to penetrate these new security techniques.
As biometric use grows and becomes more widespread, cyber attacks on biometric authentication methods will increase. This presents a problem because, unlike your password, there is no easy or pleasant way to reset a person’s biometrics.
Strengthening your password security continues to be a top priority
Because there is no current method to totally rid ourselves of passwords, organizations should continue to improve their password security to defend against cyberattacks.
Here are a few things you can do:
- Institute a sound policy and enforce compliance with it.
- Enforce long (15 characters or longer) with some level of complexity
- Use multi-factor authentication (MFA) as an added security layer
- (Repeated on purpose) … use MFA on EVERYTHING!
While we are all eager to move to a passwordless system, small to midsized organizations have a way to go before they stop relying on passwords to secure their technology assets. Until then, we all need to use strong password protocols (and MFA) to secure ourselves and our organizations.
To learn more about protecting your passwords, check out this article:
8 Password Attacks Aimed at SMBs
If you would like to see more cyber security articles, check this link:
Or if you have more immediate needs, maybe we can help.