An estimated 300 billion passwords are used by humans and machines worldwide. That\u2019s far too many passwords \u2014 40 times more than the number of people walking on planet Earth. The more the number of passwords, the higher the number of breaches: In the first half of 2020, data breaches exposed 36 billion records, according to RiskBased Security, a US-based cybersecurity firm specialising in vulnerability intelligence, data breaches and risk ratings.<\/p>\n
What\u2019s the salvation for a password-weary world? There are no quick answers. It’s a frustrating fact: Many people have grown weary of passwords; yet until now, there\u2019s not much left in terms of choice. The world has become so accustomed to the necessity of passwords. They\u2019re the entry point to the digital world, which gives every user a semblance of ownership.<\/p>\n
The whole of humanity is familiar with passwords. As a rule, no two passwords should be the same. Our dependence on them is intertwined with digital technology use, like we need nappies for babies. We use passwords to check our email, log in to our social networks and browse our mobile phones, watch movies, transact with our bank, etc. A password helps tell the system that we are who it “thinks” we really are. Yet, we all know that passwords, like nappies, aren’t always foolproof. “Human factor” kicks in. And we all know that in every adult hides a “child within”. Then it’s a big mess.<\/p>\n
Instead of being a cause of comfort, however, passwords had caused despair. Don\u2019t even start asking about desperate parents who forget the password of their children\u2019s iPad, linked to an iCloud account. When that happens, the iPad becomes as good as a doorstop.<\/p>\n
And we all know that in establishing security, passwords are not perfect either. Cyber hacks and ransomware attacks have increased, despite the increasing sophistication of passwords. Such attacks are only bound to increase, say experts. Is man\u2019s love-hate affair with passwords about to be disrupted?<\/p>\n
\u201cI think password is dying simply because organisations find it more difficult to maintain passwords, as it has a lot of administrative overhead, both for IT (department) and end-users,\u201d said Anoop Kumar Paudval, Information Security Manager of\u00a0Gulf News<\/em>.<\/p>\n Passwords are seen as belonging to one\u2019s unique \u2014 and personal \u2014 space. We\u2019re supposed to keep them and remember them by heart. Most of the time, we do (or don\u2019t), depending on our amnesia level. But as our digital technology\/media use increases, panic attacks driven by I-forgot-my-password episodes have also increased.<\/p>\n Passwords are a very personal, secret-agent kind of thing. When you forget them, you can\u2019t just ask an officemate, a neighbour or even an IT support guy \u201cWhat\u2019s my password?\u201d It sounds absurd at the very least, and irresponsible at the very most.<\/p>\n When you try \u2014 and repeatedly fail \u2014 to log in to your account for the nth time, ‘password fatigue’ becomes a catchphrase of despair. And don\u2019t even dare to ask your spouse. Whether s\/he knows it or not, it\u2019s bound to cause frustration to either side \u2014 or both.<\/p>\n Consider this: It\u2019s become a standard practice for most organisations to force a password change among users every so often. For some, it\u2019s once every three months, or 4 passwords to note down in one year \u2014 equivalent to 40 passwords in 10 years and 160 passwords during one\u2019s working lifetime (considering the average working life of 40 years).<\/p>\n As the number of passwords end-users must have keeps piling up, password pain only intensifies. That\u2019s part of the reasons why password management software has grown so much. According to SecureAuth’s survey, 1 in 3 IT security professionals report that their users inundate help desk due to frequently forgetting passwords.<\/p>\n It is. Many people keep a written log of passwords on a separate notepad, to help them remember access to apps or sites. While this works for many, it\u2019s not 100% perfect. Most people, in order to avoid password anxiety or fatigue, simply just use \u2014 and reuse\u2014 the password they\u2019ve been given by IT.<\/p>\n Here\u2019s one problem: with too many unique passwords to handle \u2014 which is more than human nature allows us to possibly remember \u2014 people do get lazy, and reuse password all the time. The result: easy-to-guess credentials being employed. In 2019, the most commonly hacked password was \u201c123456\u201d, according to the UK\u2019s National Cyber Security Centre. Ergo: as much as 81% of company data breaches is due to having poor password practices, according to cybersecurity firm TraceSecurity.<\/p>\n While it\u2019s a fact that easy-to-guess passwords are the root cause of a number of cyberattacks, businesses have not removed them from the authentication process \u2013 instead, what is known as \u201ctwo-factor authentication\u201d has been introduced.<\/p>\n Companies are trying to find ways of authenticating employees using the following:<\/p>\n USE 2-FACTOR AUTHENTICATION:<\/strong> In most companies, this approach involves an individual needing two of the following pieces of information before their identity is verified: something they know, something they have, and something they are.<\/p>\n SOMETHING PEOPLE KNOW:<\/strong> In the case of something people know, a password remains the most commonly-used piece of data. Something they have might be a device, like a smartphone, and something they are might include biometric data. This extra layer of security makes it much harder for hackers to access digital or business assets.<\/p>\n USE A PASSWORD MANAGER:<\/strong> Password managers are applications that store information for multiple digital solutions and log in users automatically. They hold a database of passwords that is encrypted and can only be accessed via a master password. This works for many, as it leaves users with much less to remember. This also indicates that less likely to use 123456 and more likely to choose a stronger password overall.<\/p>\n Even two-factor authentication is not air-right, as they can be breached. One is through what is known as the widely reported \u201cSIM card swap\u201d, where the one-time password sent via SMS can be stolen.<\/p>\n It\u2019s an identification system that always requires an added security “layer\u201d. The first factor (when logging in to an account): enter your username and password. Second factor (if 2FA is enabled): You provide a second form of proof that you are the owner of the account before you can access it (such as fingerprint, face or iris scan, or one-time password).<\/p>\n The idea is that, if by some accident or unguarded moment, you gave away your password (say, to a \u2018phishing’ attacker), hackers would need to get access to the second form of identification before they could enter your account. Experts recommend that as much as possible, you must turn on two-factor authentication essential accounts. This extra layer of security doesn\u2019t hurt, and keeps you secure \u2014 for the most part. Unless, of course, you fall victim to social engineering<\/a>, and you give away the two-factor authentication code yourself.<\/p>\n Any layer of security is always better than just a single layer (password). 2FA is one of the best ways to add a secruity layer. But if you think that since you have enabled or implemented two-factor authentication (2FA), you\u2019re hack-safe \u2014 think again. The website hoxhunt.com has listed five ways this layer can be breached\/bypassed:<\/p>\n While many experts say the era of passwords seems to head towards the same destiny as the dinos, getting people to switch to something else (biometrics) might not be a walk in the park. The\u00a0world\u2019s experience with passwords is undergoing a major challenge. Some say it is likely to be a \u201cslow death\u201d for passwords.<\/p>\n The answer to this is another question: Which one is better \u2014 remembering 20 different passwords or transitioning to a better, more robust system of authentication? The answer is pretty obvious. But the solution and reality is always more complex and not so straightforward.<\/p>\n Most IT professionals believe passwords won’t exist in 10 years. This prognostication, however, has been on for well over a decade already. For example, in 2004, Microsoft founder Bill Gates said said passwords are on the way out. Many IT professionals, too, believe the same way. And while we\u2019ve seen the risk with passwords, deciding what to replace them with is a huge challenge. And while it\u2019s true that biometric identification \u2013 like a fingerprint or an iris scan \u2013 is harder to hack, the consequences of being able to do so are much greater.<\/p>\n It’s simply because they\u2019re high-value targets \u2014 getting a hold of not just passwords, but also fingerprint, iris scan and facial scan data of people is valuable to the Dark Web hacking community. For one, copies of biometric information stored and used by organisations and companies to verify each individual makes them attractive targets for ransomware attackers looking to \u201charvest\u201d credentials. When a password is compromised, they can be changed. A fingerprint, or iris scan, cannot.<\/p>\nWhat is ‘password fatigue’?<\/h3>\n
Is it a good practice to keep a log of your passwords?<\/h3>\n
What if I re-use a password?<\/h3>\n
Besides passwords, what are the ways of authenticating people digitally?<\/h3>\n
How does 2-factor authentication work?<\/h3>\n
Why do you need 2-factor authentication?<\/h3>\n
Is two-factor authentication safe?<\/h3>\n
\n
How easy would it be to switch over to biometrics?<\/h3>\n
Are biometrics the way to go?<\/h3>\n
Why do hackers aim at biometrics?<\/h3>\n