Is it time to make World Password Day a thing of the past?
As another World Password Day rolls around there’s the inevitable debate about whether the days of the password at the front line of security are numbered.
In recent years it has seemed that reports of the password's death have been greatly exaggerated. But as Google extends its rollout of passkey technology it seems that passwords may finally have had their day.
Eduardo Azanza, CEO of Veridas, says:
As we continue to see the convergence of the digital and physical world, the age of passwords is limited and nearing an end. Currently, to perform our daily lives securely, we must access dozens of passwords and double authentication steps, which spirals into added steps and frustration for users.
Passwords continuously fail to keep users fully protected, as they can be stolen and leaked on the dark web for the use of fraudulent activity. It’s time to look towards a passwordless future, where organisations can create an easy experience whilst also keeping their customers safe.
Therefore, organizations need to be looking towards technologies such as biometric verification. The use of voice biometrics or face biometrics means that organizations can verify people’s digital identities in a simple, agile, secure, and private way.
Unlike passwords, users' biometrics cannot be lost or stolen and used by cyber criminals to gain access to systems or commit other crimes such as fraud and identity theft. Finally, biometrics allows users to identified and verified within seconds, rather than users trying to remember their passwords and then having to go through multiple authentication steps to prove who they are.
Dan Conrad, AD security and management team lead at One Identity, says, "In the future, I'd love to see World Password Day become World Secure Authentication Day, World MFA Day or even World Passwordless Day as our strategies for identity security evolve. If we can all get on board with basic best practices and rigorous education, we might just get there."
Vittorio Bertocci, Principal Architect at Okta, says,
"It's 2023. Celebrating 'World Password Day' honors a 60-year-old technology. Passwords are a bad habit we should help the world break free from, even if we know it will take years to do so. We should take a page from the many holidays that have evolved over time and institute a 'World Passwordless Day', during which we collectively come together as an industry to raise awareness about the dangers of passwords. Together we can help users, developers and administrators alike to learn about what options they have to migrate to passwordless, and how much better their life can be without passwords."
Tyler Moffitt, senior security analyst and community manager at OpenText Cybersecurity says:
The spate of recent password manager breaches have likely left many companies and consumers feeling overwhelmed. Passwords aren’t perfect. While they may still exist to some extent in the next five to ten years, alternative authentication methods, such as biometrics (e.g., fingerprint or facial recognition), hardware tokens, and behavioral analytics, are becoming more common and may eventually supplement or replace passwords altogether.
In the meantime, it's crucial that we remain vigilant and proactive in securing digital footprints. A robust password manager, combined with multi-factor authentication and ongoing cybersecurity education, can significantly reduce the risk of account compromise and other online threats. This World Password Day, it's important for all to reflect on their digital security and to consider the varying cyber resilient solutions available to better enhance digital security.
Jasson Casey, CTO at Beyond Identity, argues that our online lives will never be secure if organizations keep using passwords. "Passwordless, phishing-resistant multi-factor authentication significantly reduces risks that come with passwords, making it virtually impossible for attackers to gain access through traditional methods. Organizations don't have to compromise their security or convenience. Today they can switch to a modern, secure, phishing-resistant MFA that leverages the combination of biometrics and Passkeys based on the Fast Identity Online (FIDO) standards. Each year, we 'celebrate' World Password Day, and then cybercriminals continue to exploit password-based authentication. Only by adopting passwordless, phishing-resistant MFA technologies can organizations make it much more difficult for adversaries."
Jim Alkove, CEO of Oleria, says, "The time for protecting data solely with passwords has come and gone. Today's rapidly accelerating business environment necessitates strong multi-factor or passwordless authentication and a transition to new adaptive and autonomous approaches to access. Adaptive access allows an organization to reduce the risk of breaches by granting just the right access at the right time for the right duration. Autonomous access frees an organization from the expense of today's largely manual approaches to managing access and allows them to accelerate with the pace of business, confident that data is protected."
Image credit: Wavebreakmedia/depositphotos.com