The password is dead -- long live the password!
As long ago as 2004 no less a figure than Bill Gates was predicting the death of the password. But here we are almost 20 years on and passwords are still the primary authentication method.
So passwords look set to be with us for a while yet, however, 90 percent of internet users are worried about getting their passwords hacked. Cybersecurity company Ping Identity has been looking at passwords and how to use them safely for both businesses and consumers.
Passwords do have some advantages; they're easy to implement, cheap to administer, require no special hardware or software to maintain, and allow for self-service resets and account recovery. On the downside they can be difficult to remember and/or easy to guess, they create significant login friction, storing passwords is onerous and presents an attractive target for attackers, strong password requirements can lead to lost revenue with abandoned carts/registrations, and they can give rise to increased help desk costs.
There are some things you can do to make passwords safer. They should be at least 12 characters long and use a combination of upper- and lowercase letters, numbers, and symbols. That means there are 72 possibilities for each of the 12 characters, making computational cracking attempts difficult. You should also not use links to personal information -- names, football teams, cars, etc -- and not use dictionary words, or use them in unusual combinations. Of course all of this makes the password harder to remember and that's why you should use a password manager.
Reusing passwords is another thing to avoid as it risks compromising multiple accounts if just one password is breached. You should also beware of sharing too much online -- avoid those social media quizzes that want you to reveal your pet's name, your first car or your favorite movie.
It's also worth checking haveibeenpwned to see if any of your passwords have been linked to breaches. If a password has been exposed then you need to change it, only 45 percent of people say they would.
You should also sign up for multi-factor authentication whenever it's available.
"Although there is no form of account protection truly impervious to hacking, passwordless is the least prone to successful cyberattacks," Zain Malik at Ping Identity says, "In the last two years, cyberattacks have increased to never before seen levels, averaging at 925 cyber attacks a week per organization, meaning implementing passwordless authentication is more important than ever before. While passwords have entropy, the same cannot be said for biometric data. We need to keep an eye on AI, deep fakes and advances in breaking encryption, as they will pose a threat to password replacements."
You can see an overview in the infographic below.