Are Passwords A Thing of The Past?

Passwordless and passwords

Nobody enjoys passwords. They are inconvenient for all of us. Interestingly, some companies and specific products and services are moving away from using passwords.  Passwordless systems and strategies are popping up in many technology discussions.

It’s clear that tech companies are eager for a passwordless world

Many companies like Google, Apple, and Microsoft, are exploring new authentication technologies like biometrics and other multi-factor authentication (MFA) methods like authentication tokens or authentication apps that might make passwords a thing of the past.

Google has allowed Pixel devices and Android 7+ device users to verify their identity with their fingerprint or screen lock instead of a password when accessing certain Google services. Check out this article about passwords from Google:  One step closer to a passwordless future

Apple has introduced Passkeys replacing password-based logins with Face ID, Touch ID, or a security key. Hear what Apple has to say here: Apple Just Killed the Password-for Real This Time

Microsoft declared that the passwordless future has arrived for Microsoft accounts. Instead, users can now remove passwords from their Microsoft accounts and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email to sign in to Microsoft.    The passwordless future is here for your Microsoft account

How did we get here? Why the push for a passwordless world?

For a long time, passwords have been a big part of computer and network security. But, tech and cyber security specialists are seeing and understanding some of the risks associated with traditional passwords.

  1. Passwords can be burdensome: Most people use about 100+ passwords, and for people in business, their work-related passwords create even more passwords they have to remember and manage.
  2. While password managers allow people to add their passwords to a secure vault, some consumers don’t trust password managers. This forces users to commit passwords to memory, which is why many workers defy password recommendations by creating weak, easy-to-recall passwords.
  3. Passwords can be a major security risk (it is estimated that 1 million passwords are stolen weekly)
  4. Weak passwords can be very expensive for businesses and organizations.  The theft of a single password can enable a data breach.

 

But despite these dangers, passwords are still one of the most effective protections that individuals and company’s use to keep their data safe … and, although many new authentication methods have become available, passwords are still the most common method of authentication.

 

Where are we headed with Passwords?

Additional multi-factor authentication and biometrics are the most likley authentication methods to replace today’s passwords. These authentication methods add an extra layer of security to accounts and devices.  These changes will force cyber criminals and hackers to change their tactics to penetrate these new security techniques.

As biometric use grows and becomes more widespread, cyber attacks on biometric authentication methods will increase. This presents a problem because unlike your password, there is no easy or pleasant way to reset a person’s biometrics.

Strengthening your password security continues to be a top priority

Because there is no current method to totally rid ourselves of passwords, organizations should continue to improve their password security to defend against cyberattacks.

Here are a few things you can do:

  • Institute a sound password policy and enforce compliance with it.
  • Enforce long (15 characters or longer) passwords with some level of complexity
  • Use multi-factor authentication (MFA) as an added security layer
  • (Repeated on purpose) … use MFA on EVERYTHING!

While we are all eager to move to a passwordless system, small to midsized organizations have a way to go before they stop relying on passwords to secure their technology assets.  Until then, we all need to use strong password protocols (and MFA) to secure ourselves and our organizations.

 

Related Posts