Death of password: Do you use 123456 as password? You’re not alone

Biometrics could lead to the death of passwords, help curb security breaches, say experts

Jay Hilotin (Senior Assistant Editor)
ENTRY TO DIGITAL WORLD: A password is the usual entry point to the digital world. This dependence on passwords is intertwined with tech use, just as signatures are the old-world entry point people have to their bank accounts. Given the spike in hacking attacks, however, man’s long-term affair with passwords is about to be overturned, or disrupted.
HOW MANY PASSWORDS ARE BEING USED? An estimated 300 billion passwords are used by humans and machines worldwide. In the first half of 2020, data breaches exposed 36 billion records, according to RiskBased Security.
NEED FOR PASSWORDS: We need passwords to check our email, log in to our social networks and browse our mobile phones. But passwords, instead of being a cause of comfort, have caused despair for many. Don’t even start asking about desperate parents who forget the password of their children’s iCloud account; when that happens, the gadget is as good as a doorstop.
SECURE? We all know that in establishing security, passwords are not perfect. Cyber hackings and ransomware attacks have increased, despite the increasing sophistication of passwords. And such attacks are only bound to increase. https://gn24.ae/bb8a4af7f844000
PROBLEM WITH PASSWORDS: Passwords are seen as belonging to the personal responsibility space. You’re supposed to keep these unique passwords close to your heart — and remember them by heart. Most of the time, we do (or don’t), depending on our amnesia level. This desperate situation is only expected to increase.
TRACKING PASSWORDS: As our digital technology/media use gets ramped up, panic attacks driven by I-forgot-my-password episodes have also increased. Worse, it’s become a standard practice for most business organisations to force a password change among users every so often.
DEMAND FOR UNIQUENESS: Here’s the problem, though: with too many unique passwords to handle — more than human nature allows us to possibly remember — people get lazy, or cut corners. People reuse passwords. So easy-to-guess credentials start being employed.
MOST COMMON PASSWORD: In 2019, the most commonly hacked password was “123456”, according to the UK’s National Cyber Security Centre. Poor password practices account for as much as 81% of company data breaches, according to research by cybersecurity firm TraceSecurity. Due to this risk, companies are trying to find ways of authenticating employees.
PASSWORD FATIGUE: With far too many passwords to manage, it’s just getting crazier. In 2019, software firm LastPass wrote a report stating that employees at large companies are expected to have 25 unique logins; for staff at smaller organisations, the number is 85. No surprise there: many people are quietly suffering from password fatigue.
PASSWORD LOG: Many people keep a written log of passwords for different apps or sites on a separate notepad. While this works for most, it’s not 100% perfect. Most people, in order to avoid password anxiety or fatigue, simply use — and reuse — the password they’ve been given by IT.
CALL OF DESPAIR: Passwords are a very personal, secret-agent kind of thing. You can’t just ask an officemate or a neighbour “What’s my password?”. It sounds absurd at the very least. When you try — and repeatedly fail — to log in to your account for the nth time, it becomes a catchphrase of despair. And don’t even dare to ask your spouse. Whether s/he knows it or not, it’s bound to cause frustration to either side — or both.
END OF AN ERA? The era of passwords seems to be facing the destiny of Dodos, or dinosaurs. Or is it really now about to come to an end? Some experts say it is likely to be a “slow death”.
EASY-TO-GUESS: While it’s a fact that easy-to-guess passwords are the root cause of a number of cyberattacks, businesses have not removed them from the authentication process – instead, what is known as ‘two-factor authentication’ has been introduced.
TWO-FACTOR AUTHENTICATION: In most companies, this approach involves an individual needing two of the following pieces of information before their identity is verified: something they know, something they have, and something they are. But even a two-factor authentication system can be breached, through what is known as a SIM card swap, where the one-time password sent via SMS can be stolen.
SOMETHING PEOPLE KNOW: In the case of something people know, a password remains the most commonly-used piece of data. Something they have might be a device, like a smartphone, and something they are might include biometric data. This extra layer of security makes it much harder for hackers to access personal or business assets.
PASSWORD MANAGER: A lot of companies have also adopted the use of password managers to bolster their digital defences. With many employees now being asked to remember several passwords for different pieces of software, organisations have looked for a way to push back against a tendency to reuse passwords.
WHAT PASSWORD MANAGERS DO: Password managers are applications that store information for multiple digital solutions and log in users automatically. They hold a database of passwords that is encrypted and can only be accessed via a master password. This works for many, as it leaves users with much less to remember. It also means users are less likely to use 123456 and more likely to choose a stronger password overall.
PASSWORD-WEARY WORLD: As many people have grown tired of passwords, there’s also not much left in terms of choice. The world has become so accustomed to passwords – getting people to switch to something else (biometrics) might not be a piece of cake. But it’s also a pulsating reality that the world’s experience with passwords is undergoing a major change.
BIOMETRICS: So while we’ve seen the risk with passwords, deciding what to replace them with is a huge challenge. While it’s true that biometric identification – like a fingerprint or an iris scan – is harder to hack, the consequences of being able to do so are much greater.
WHY HACKERS TARGET BIOMETRICS: Copies of biometric information stored and used by organisations and companies to verify each individual make them even more attractive targets for ransomware attackers looking to “harvest” credentials. When a password is compromised, it can be changed. A fingerprint, or iris scan, cannot.
HACKING THREATS: In today’s digital-driven world, there is an increasing pressure to push back hackers’ threat. The average cost of a data breach is $3.86 million as of 2020, according to Varonis. To counter such threats, the global information security market is forecast to reach $170.4 billion in 2022, a Gartner report states.
DATA BREACHES: In 2020, the number of data breaches in the US alone reached 1,001 cases, according to Statista. Meanwhile, more than 155.8 million individuals were affected by data exposures in 2020 — accidental revelation of sensitive information due to less-than-adequate information security. According to Cybint, 95% of cybersecurity breaches are caused by human error. Inadequate password protocols are responsible for a sizeable chunk of this figure.
TRANSITION: Which one is better: remembering 20 different passwords or transitioning to a better, more robust system of authentication? The answer is obvious, but the solution and reality will not be simple. Most IT professionals believe passwords won't exist in 10 years. This prognostication, however, has been on for at least a decade already.
ON THE WAY OUT: In 2004, Microsoft founder Bill Gates said passwords are on the way out. Many IT professionals, too, believe the same. The problem is that deciding what to replace them with is proving a tough challenge.
DEATH OF PASSWORD? So are we really witnessing the death of the password, with facial recognition, for example? A survey from Wakefield Research and SecureAuth shows the answer is “Yes” from most IT practitioners. At the current rate authentication and authorisation technology is progressing, they believe passwords will be passe in 10 years. Among the 300 IT decision-makers surveyed, 91% agree that the traditional password will not exist in a decade, the survey shows.
BEYOND PASSWORD: Approximately 66% of IT professionals said they are already using authentication methods beyond passwords. Whether these predictions will have any bearing on reality, only time will tell come 2031.
DIRE PREDICTIONS: Since Bill Gates’ end-of-password prediction in 2004, all sorts of two-factor authentication and biometrics products have literally flooded the market. They supposedly heralded the end of the password — with dongles, soft tokens, fingerprint readers, facial recognition, palm vein readers, iris recognition, and even keystroke dynamics — identifying users by their typing patterns. Even as these alternatives came and went, the password has remained as firmly entrenched as ever. Why is this so?
SOFTWARE AS A SERVICE: In fact, as software as a service (SaaS) apps and mobile services grow, password prevalence is growing. The global password management market is growing at a robust annual rate of 16.33%, according to a Research and Markets report.
CONFLUENCE OR CONVERGENCE? In the last couple of years, we have seen a sort of convergence — a confluence of activity that could push passwords into the dustbin of history. With the built-in use of biometrics (on iPhones and some Android phones, for example), and Apple's folding in of biometric authentication into its Apple Pay service, it would seem biometrics have finally entered the mainstream in full effect.
BIOMETRICS SPENDING: Data firm BI Research estimated that spending on biometrics has hit $26.8 billion in 2020. Soft token authenticators and other software-based mobile authentication tools have become more secure and easily available due to smartphone ubiquity.
PASSWORD PAIN: As the number of passwords end-users must have keeps piling up, password pain only intensifies with each passing year. That’s part of the reason why password management software has grown so much. According to SecureAuth's survey, 1 in 3 IT security professionals report that their users inundate the help desk because they frequently forget passwords.