Passwords have been of crucial importance in our digital lives and in the world of cybersecurity. They provide the first line of defence against unauthorized access to important data on countless devices. But although passwords have been a relatively strong barricade over the years, certain user issues have arisen, and not all users have been able to protect their sensitive information. That leaves a massive problem for businesses of all sizes, one which could lead to the end of passwords.
According to the 2022 Verizon Breach Investigations Report, the most common attack vector for ransomware was stolen credentials through desktop sharing software, and over 80% of web application breaches were the result of stolen credentials. With cyberattacks evolving and adapting as technology continues to grow, it is critical that defenses adapt and improve as well.
In September 2021, technology giant Microsoft revealed that it would be going ‘passwordless’, and more recently experts at LastPass have announced a passwordless login system using their authenticator. With more companies moving away from the common use of passwords, are we looking at the beginning of the end for passwords, and what could a password-free future promise for device users and businesses alike?
The inception of passwords in the 1960s changed the digital world as we know it. Pioneered by MIT researcher Fernando Corbató (who later said his rudimentary security system has proliferated and become unmanageable), passwords were developed with good intent and have grown to become a crucial tool for billions of people around the world. However, in an ever-evolving technological world, they are slowly beginning to lose their strength and reliability, and numerous frustrations have started to emerge.
One of the key frustrations surrounding passwords is that they are no longer viewed as a strong form of security. Passwords can be shared, guessed, or stolen, which means they aren’t secure and are a popular route for attacks. The weaker and more basic passwords are, the greater the risk of a breach. In any organization, weak or reused passwords pose a significant threat to its overall security.
Joseph Carson, chief security scientist and advisory chief information security officer at Thycotic, said: “If you continue to reuse old passwords it is like leaving your front door open and inviting cyber criminals into your home”.
The situation isn’t helped by the fact that a significant number of people on the planet do not use strong passwords. According to NordPass, the most common password of 2020 was ‘123456’, used over 100,000,000 times, with ‘123456789’ and ‘picture1’ completing the top three. The concerning statistics continue: a survey from PCMag reveals that 35% of people never change their passwords. This shows that we ourselves are not helping the cause at all and are putting ourselves at a higher risk.
On the other side of the spectrum, for those who do set strong and different passwords, it has been found that this can negatively impact user experience. It can be difficult to juggle all the different passwords you may have, and it is very likely that you may forget the password to a certain application. This can have a big impact on productivity, and if you are a key member within a business, it may affect the day-to-day management. An employee taking something as little as 15 minutes out of their day to contact tech support to reset a password may not sound like a big issue for the company until it is duplicated by all the employees. For those working in a pressurized working environment, across various accounts, it increases the likelihood of them encountering issues, therefore affecting their workflow.
Password management is not as inexpensive as you may imagine. According to Forrester, the cost of a single password reset can reach as high as $70. The market research company also found that large US-based organizations allocate over $1 million each year for password-related support costs, emphasizing how high these costs can become. As passwords remain the most prevalent form of user authentication, forgotten passwords will continue to be a problem that needs costly support unless the problem is tackled.
So, with growing issues with password authentication and companies beginning to adopt passwordless authentication, possibly hinting at the end for passwords, how does it work and what are the benefits?
How it works
As the name practically states, passwordless authentication is a form of multi-factor authentication (MFA) that replaces passwords with other methods of verifying identity. This comes in the form of a possession factor, an object that uniquely identifies the user such as a hardware token or registered mobile device, and an inherent factor such as FaceID or TouchID. But what makes this method of authentication safer and more secure?
Passwords have always been the most vulnerable form of user authentication. Therefore, removing them automatically eliminates the risk of the password-based attacks commonly used by cyberattackers. Passwordless authentication offers protection against two of the most dangerous forms of attack: brute force attacks and phishing. Brute force attacks cannot occur as there would be nothing to steal, and with phishing there would be no credentials to offer up.
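The following is an added example, not part of the original article. The article does not name a mechanism, so the sketch assumes a FIDO2/WebAuthn-style scheme in which the registered device holds a private key and signs a server challenge bound to the site's origin; the function names and the `example.com` / `example.test` origins are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Enrollment: the device creates a key pair and keeps the private key;
// the server stores only the public key, which is useless for logging in.
function enrollDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Bytes that get signed: the server's challenge plus the origin of the site.
function payloadFor(challenge, origin) {
  return Buffer.from(JSON.stringify({ challenge, origin }));
}

// Device side: sign the challenge bound to the origin the device actually sees.
function deviceSign(device, challenge, originSeen) {
  return nodeCrypto.sign(null, payloadFor(challenge, originSeen), device.privateKey);
}

// Server side: each challenge is single use, and the signature must cover
// the server's own origin, so a response produced for another site fails.
function serverVerify(serverRecord, ownOrigin, outstanding, challenge, signature) {
  if (!outstanding.delete(challenge)) return 'rejected: unknown or replayed challenge';
  const ok = nodeCrypto.verify(null, payloadFor(challenge, ownOrigin),
                               serverRecord.publicKey, signature);
  return ok ? 'accepted' : 'rejected: signature not valid for this origin';
}

function demo() {
  const REAL = 'https://login.example.com';       // constructed origin
  const LOOKALIKE = 'https://login.example.test'; // constructed look-alike origin
  const { device, serverRecord } = enrollDevice();
  const outstanding = new Set();
  const issue = () => {
    const c = nodeCrypto.randomBytes(32).toString('hex');
    outstanding.add(c);
    return c;
  };
  const c1 = issue();
  const sig1 = deviceSign(device, c1, REAL);
  const legit = serverVerify(serverRecord, REAL, outstanding, c1, sig1);
  const replay = serverVerify(serverRecord, REAL, outstanding, c1, sig1);
  // The user is lured to the look-alike site, which relays a real challenge.
  const c2 = issue();
  const sig2 = deviceSign(device, c2, LOOKALIKE);
  const phished = serverVerify(serverRecord, REAL, outstanding, c2, sig2);
  return { legit, replay, phished, storedKeyType: serverRecord.publicKey.type };
}
console.log(demo());
```

The server's record holds only a public key, and a response captured or produced for a different origin or an earlier challenge is rejected, which is the property the brute-force and phishing claims above depend on.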
Password-free authentication enhances user experience. With zero-click logins and no need to remember and safeguard multiple passwords, it can significantly reduce the complexity of the whole process, improve employees’ productivity and help them focus more on the tasks at hand.
Because passwordless authentication eliminates passwords completely, there is no longer any cost for resetting lost or forgotten passwords. This means that businesses can use that $1 million spent annually on passwords on something that can boost business.
It has become evident that security can no longer rely solely on a username and password as the go-to cybersecurity practice. With technology evolving and cyberattackers doing the same, it is crucial that improvements are made when it comes to cybersecurity, meaning the gradual end for passwords. A comprehensive passwordless authentication solution promises a more secure form of authentication, but also assures a better user experience and reduces costs. It may be a big leap for most businesses, but with some beginning to jump on the passwordless bandwagon, it is crucial your business doesn’t fall behind and continue to be at risk with the direction that cybersecurity is heading.