Is the Use of Passwords Becoming Obsolete?

It has become increasingly important for businesses to prioritise cybersecurity. In response to the current COVID-19 outbreak, many organisations have implemented work-from-home policies. Whilst this has enabled social distancing, it has also created opportunities for hackers to gain access to confidential corporate and customer data, making it even more essential to ensure security protocols are in place.

Businesses can take a variety of measures to strengthen their security, such as regularly installing updates, regularly backing up data, utilizing Virtual Private Networks (VPNs) and encrypted communication tools, and engaging offshore software development teams. Alternatively, they could reassess their reliance on passwords.

It is increasingly apparent that passwords are losing ground to more secure and convenient authentication methods. Many password-based systems now require a secondary authentication factor, for example a one-time passcode or a ‘magic link’, in addition to the primary credentials. In this article, we discuss why passwords are becoming obsolete and the solutions that are emerging to replace them.

Passwords Are Not Sufficiently Secure

According to security experts at Exabeam, fraudsters can acquire a database of stolen credentials for as little as $500, allowing them to target various websites with a view to gaining access, as many users have a tendency to repeat passwords. The World Economic Forum has also highlighted that weak password management is a key factor in the criminal ecosystem.

Eric Elliot, a technology expert, has asserted that hashing passwords alone is not sufficient to prevent unauthorized access to plaintext username/password pairs. He goes on to explain that hackers may employ parallel GPUs or massive botnets with hundreds of thousands of nodes to attempt hundreds of billions of password combinations per second.

When these pairings are accessed, security breaches can occur which can cause disruption and be costly in terms of time, money and other resources to resolve. Although some businesses are able to recover from these incidents, others are not so fortunate.

Passwords Are Inconvenient to Work With

It can be difficult to keep track of multiple passwords for both work and personal use. Storing sensitive information on post-it notes or spreadsheets is not recommended as it increases the risk of passwords being stolen by malicious actors.

Password management has historically been a difficult task, but with the recommendation to use complex passwords and different passwords for different websites, the challenge has become even more significant. Even for those using password managers, there remains a risk of sharing passwords with other people who may be careless with them or, worse, providing them to a malicious actor posing as an IT professional (a technique known as social engineering).

Businesses which expect their employees to create and manage passwords are facing a significant security risk. As reported by Exabeam, the movement to eliminate the need for passwords is gaining momentum, backed by technology giants such as Amazon, Google and Microsoft.

Authentication is Not Limited to Passwords

Multi-factor authentication (MFA) is the use of multiple methods to verify a person’s identity. For example, an online banking system may require the user’s credentials, such as an ID and password, as well as a code sent to their phone via text message. This approach makes it much harder for a hacker to gain access to the user’s account, as they would need the username and password, as well as physical access to the phone.

As usage of alternative forms of authentication increases, passwords may eventually become obsolete. Details of some of the authentication methods currently in use are outlined below. Furthermore, this resource provides further information on a selection of these methods.

Biometrics

Biometrics are used to identify a person. They are convenient because we always carry them with us.

  • Fingerprints. It has been established that no two individuals have the same fingerprint, making this an effective technique for verifying a person’s identity. The iPhone 5S has a built-in fingerprint scanner known as the Touch ID feature, which is an example of such authentication technology.
  • Facial recognition. Facial recognition can be used for authentication purposes on devices such as the Google Pixel smartphone. Users can gain access to their accounts without the need to input a code or remember complicated patterns, simply by raising the phone up to their face.
  • Iris recognition. Identity may be confirmed using an individual’s iris instead of their face, in a manner similar to facial recognition.

Push notifications

Push notification (also referred to as a “magic link”) authentication is similar to access code authentication in that it requires the use of a specified mobile device or email account. Users who have requested access to a site are sent an activation link via email or text message. Generally, the link will become inactive once it has been used or after a set period of time.
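As an added illustration (not code from the original article), the sketch below shows how a service might enforce the two properties described above, single use and a time limit, for a sign-in link. The class name, the URL, and the 15-minute lifetime are assumptions made for the example.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the article only says "a set period of time"


class MagicLinkStore:
    """In-memory store of pending sign-in links (hypothetical; a real service would use a database)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is kept, so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, base_url="https://app.example.test/login"):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user, self._clock() + self._ttl)
        return f"{base_url}?token={token}"

    def redeem(self, token):
        """Return the user for a valid token, or None. A token works at most once."""
        # pop() removes the entry before any other check, so a replay always fails.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown or already used
        user, expires_at = entry
        if self._clock() > expires_at:
            return None  # past its time limit
        return user


def demo():
    """Constructed scenario: one normal sign-in, one replay, one expired link."""
    now = [1000.0]  # fake clock so the example runs instantly
    store = MagicLinkStore(ttl=60, clock=lambda: now[0])
    token = store.issue("alice@example.test").split("token=")[1]
    first = store.redeem(token)
    replay = store.redeem(token)
    late = store.issue("bob@example.test").split("token=")[1]
    now[0] += 61  # move past the 60-second lifetime
    expired = store.redeem(late)
    return first, replay, expired
```
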

Security keys

Security keys are capable of communicating with other hardware devices via USB-A, USB-C, NFC and Bluetooth. For those who want biometric authentication on a device that lacks the feature, some security keys are equipped with fingerprint authentication. Most security keys are conveniently sized and suitable for attaching to a keychain.

Hardware security modules

Hardware Security Modules (HSMs) are physical devices designed to protect against specific threats. These come in a range of forms, including USB devices, Ethernet appliances and PCI Express cards. Their purpose is to secure cryptographic keys and enable cryptographic operations.

Alternatives to Your Current Passwords

If your business employs passwords to gain access to internal systems, it is important to consider the amount of time that is spent managing and recovering lost passwords. This can result in a considerable amount of time being taken away from other activities that could be more beneficial. If this is the case across the entirety of your staff, it could equate to hundreds of hours of lost productivity each year. This time could be better utilised for research, planning and innovation.

If your company develops applications or software for clients, the use of passwords could be adversely affecting customer experience (CX), leading to a decline in loyalty, business and revenue. As passwords become increasingly outdated, it is essential that business leaders begin to consider alternative options.
