Is the password on the brink of extinction?
Editor Introduction
For decades now, usernames and passwords have been a critical, and highly visible, element in data protection and cybersecurity. However, the use of passwords is a far-from-perfect approach to protecting access to computer systems. Nowadays, newer, more sophisticated forms of user identification and authentication have emerged on the scene. We asked this week’s Expert Panel Roundtable: Is the password on the brink of extinction in physical security? Why or why not?
The future is guaranteed to be password-less. Users loathe passwords almost as much as security experts. Trying to remember complex passwords causes users to often write passwords down or save them on a computer, making them even more vulnerable. Generic usernames and passwords are often used for maintenance or admin accounts, and reused passwords often end up in password lists used by hackers. Passwords represent a critical vulnerability in networks and are one of the most common attack vectors. The two most damning statistics on passwords are: 80% of hacking-related breaches are due to lost or stolen passwords, and 75% of users say that they are frustrated by trying to maintain them. Passwords will be likely replaced by some combination of zero trust authentication using context-based analysis, one-time pad plus pin codes with apps that constantly generate new keys, physical or app-based tokens in conjunction with a mobile device, and biometrics.
With a staggering 80% of cyber-attacks due to password breaches, the prospect of a password-less world is appealing. Imagine a life where no one would have to remember unique eight-character sequences or constantly update passwords to stay ahead of hackers and keep data secure. While tech giants such as Apple, Google, and Microsoft are already taking steps for this to become a reality, it will likely still be some time before passwords are completely extinct. In the meantime, we should rely more on multi-factor authentication and other alternatives such as certificate-based authentication and biometrics for additional layers of protection beyond a password. Furthermore, since passwords are meant to authenticate humans, not machines, they shouldn’t be the first choice to authenticate one system to another.
While passwords will likely be with us for a while yet, it’s certainly not because they are loved and respected as a trusted method for authenticating humans and machines. It’s no real surprise that passwords are a principal cause of cyberattacks since, when users don’t like them, they are bound to take shortcuts, storing them insecurely or reusing and sharing them. Likewise, some installers are known to do the same, because they feel the risk is low—until one day it isn’t. Meanwhile, there are myriad better ways to authenticate humans using more trusted and secure methods, be it biometrics and/or any number of combinations involving trusted private and public keys on our mobile devices using authentication apps or physical tokens. Until we get to the eventual password-less future, multi-factor authentication should be used whenever possible. Passwords aren’t on the brink of extinction just yet, but they probably should be.
Editor Summary
If you are counting the days until the end of the password as we know it, prepare yourself for a lengthy wait. Imperfect as they are, passwords are likely to continue to be a go-to method of protecting access to computer systems for the foreseeable future. If we could just stop writing them down on Post-it notes affixed to our computers!
- Related links
- Biometric Access control software
- ANPR Software CCTV software
- Broadcast Messenger Access control software
- Detection Software CCTV software
- Contact Access control software
- Mifare Access control software
- Carpool Anti-passback Access control software
- IP Surveillance Software CCTV software
- Management Software CCTV software
- Central Monitoring Option Access control software
- Recording Software CCTV software
- Combined online/offline solution Access control software
- Surveillance Software CCTV software
- Door Monitoring Option Access control software
- Face Recognition Software Access control software
- License Access control software
- Management Systems Upgrade Access control software
- Redundant System Software Access control software
- Reporting Option Access control software
- Server software for MSDE Access control software
- Visitor Management tool Access control software
- Genetec Access control software
- Genetec CCTV software
- Related categories
- CCTV software
- Access control software