Just how surprised would you be if I were to tell you that passwords are perhaps the biggest risk to your security? No hacker in the world is as dangerous as a bad password. As the number of things we interact with on the internet, and the number of internet users in general, grows, passwords are becoming increasingly menacing. They’re a significant and expensive security threat, and one that is easier to breach than you might think.
But why is that? Why is the method of protection we’ve been using ever since computers have been around such a big threat? And why exactly are tech giants trying their best to get rid of them?
Read on to find out.
What’s wrong with passwords?
Passwords by themselves are just not that secure. For someone who has a standard eight-character password, it’ll take a modern PC less than a second to go through the possible combinations.
As mentioned earlier, as more and more people get on the internet and the number of online services used by a single person grows, the number of username-password combinations also goes up.
This means that companies running these services have to store these username-password combinations somewhere on a server. And as long as the data is on a server, no matter how secure, there’s a risk that it can be breached. And data breaches are more than just an invasion of privacy.
Data breaches are also costly. A joint study by the Ponemon Institute and IBM Security discovered that, on average, the cost of a single data breach in the USA could be as high as $8 million.
Even if this breached data doesn’t end up anywhere dangerous, it is becoming increasingly difficult, and expensive, for companies to reset the passwords.
With the number of online accounts per person increasing, there’s also an increased chance that you’re going to use the same password more than once. This means that if there’s a data breach on one site, you could be at risk from multiple fronts.
Due to all these reasons, passwords are quickly becoming a liability. They are just not suitable for the modern-day network applications that we need.
What’s the solution?
Moving ahead, a passwordless future is an obvious choice. At the moment, at least.
There are several ways to authenticate out there, but individually they’re still flawed. As you must have experienced, most tech giants are now pushing for two-factor authentication. This usually involves the user entering a password and then providing additional information in the form of OTPs to confirm who they are.
Apart from this, the other obvious thing is biometric authentication, which has been made popular by fingerprint scanners on smartphones and has inherent advantages over passwords.
Firstly, biometric data isn’t stored on the cloud or a server but rather on the user’s device. This takes out any risk of a credential breach through servers or websites getting hacked. Any services that may require authentication can just access the onboard data the device has for authentication, and they’re good to go.
Apple’s FaceID and TouchID and Microsoft’s Windows Hello have been the forerunners in the biometric security landscape. These two companies, among other tech giants, are also some of the most severely affected by the security risk of passwords, and hence we see the push for a passwordless future.
But then, removing passwords has its challenges. You see, as much as passwords lack security, they’re also extremely convenient. You don’t need a particular type of phone or computer or any specialised hardware to work with passwords. They’re universal, and they’ve been around for quite some time. Everyone who uses a computer or a phone is familiar with them.
However, biometrics have also faced scrutiny since they are permanent passwords and can’t be changed. If an individual’s biometric data is accessed once, it can’t be reset to another of their choice.
Swapping out passwords for these more modern methods of authentication is going to be a long and tough road. But it’s one we’ve started going down already and probably one we’re going to stay on for the foreseeable future.
Someone who writes/edits/shoots/hosts all things tech and, when he’s not, streams himself racing virtual cars. You can reach out to Yadullah or follow him on Instagram or Twitter.