The future of the password…
Ever worry that your password may have been compromised? You’re not alone. It can feel like every day you’re having to sign up for a new platform or service, and as a result, you are likely using variations of the same password, changing a number here or a letter there in an effort to keep your passwords secure and still remember them.
Although trying to remember multiple passwords is a nuisance, the consequences of a weak password can be dire. Data breaches and mass-scale thefts of personal data are increasing in frequency, and the current coronavirus situation has only exacerbated this further. In early April, the popular conferencing platform Zoom revealed that half a million stolen passwords were up for sale on the dark web, and phishing scams have increased exponentially.
Passwords are the key to keeping our digital lives secure, and yet they’re not very secure by themselves. Without a password manager or two-factor authentication, it is relatively easy for hackers to crack people’s passwords, not least because “123456,” “qwerty” and “password” are still some of the most commonly used passwords across the globe. In fact, many of the leading minds in tech want to eradicate passwords altogether.
It is now pretty commonplace to open your phone with your fingerprint or your face, and soon, biometric identification might be the norm for accessing all kinds of personal data. Since 2015, Google has worked to limit both the use of and the need for passwords in Android phones. Microsoft, too, launched its own alternatives, introducing a biometric login system in order to avoid the need for conventional passwords. The fight against our overreliance on passwords even has an open industry body backing the cause – The FIDO Alliance, which includes member companies such as Google, Facebook, PayPal, Visa and Amazon.
With the creation of the FIDO2 standard (essentially a means to enable a browser-based world to authenticate the user using means stronger than passwords, which can, of course, be forgotten or accidentally given to someone operating as a phisher), it is clear that the technologies to replace passwords exist. Yet adoption has been slow. Despite some companies like Dropbox adopting this form of user identification, it has been used as a second layer of security for passwords, when it was really intended to be the first line of defense.
While it is unlikely that we’ll see passwords completely disappear anytime soon, they may begin to take a backseat to more secure forms of identification such as FIDO2, just as you can still use your PIN to open your phone if your fingerprint or face doesn’t register. In the meantime, there is no excuse to slack off on password safety!
Ensure you’re using strong passwords and invest in a password manager for both yourself and your business, such as ESET Password Manager. While recovering a personal password might not be too difficult, accidentally compromising business data can be much trickier to recover from. This World Password Day, take a moment to review your own password protections – it just might save you a lot of hassle down the track!