The headlines are still haunting me.
May 7, 2020, was World Password Day: kitsch, but a fitting annual reminder to clean up the logins that control access to our modern lives. Within a few days the headlines appear, about taking the time to prioritize passwords and tips on how to manage them. Change your passwords quickly and use a different password for each account, as if new configurations of characters and symbols would cure cyber attacks rather than merely limit them. The problem is that passwords no longer protect us. Gartner predicts that by 2022, 60% of large enterprises and almost all medium-sized enterprises will have halved their dependence on passwords. But since COVID-19 requires many of us to work from home under dangerous conditions, 60% is not enough and 2022 is too late.
Why are we still using passwords?
Of course, this is not the first time you have read why we need to get rid of passwords. Security experts are well aware of their shortcomings and have been calling for a moratorium on the issuing of passwords for many years. So why are they still alive?
The answer is fear and delay. Companies that store our data prefer not to authenticate without passwords, because passwords are a kind of routine. Modern password systems may be weak, but they are cheap, easy to build and easy to accept because we all know how they work. Leaders fear that implementing new security measures will cost too much time and money and, stiflingly, people are afraid to disturb the status quo. But they have to do it, and fast, if they don’t want their name to appear in another kind of headline that is popular these days, such as “Company Confirms Data Breach.”
Why do passwords have to die?
- Passwords are a hacker’s dream. Let’s face it, nobody creates a unique password for every online account. On average, a person reuses each password up to 14 times. Not surprisingly, Verizon’s 2019 research report on data breaches shows that 80% of all data breaches are related to password theft. It’s bad when a customer’s personal data is breached, and geometrically worse when it is the company’s own password repository. These passwords are in high demand on the web. And since people reuse passwords, it’s like sending your credit card details directly to a hacker.
- Passwords are responsible for loss of income. E-commerce sites have less than a minute to arouse a potential buyer’s interest in what they are trying to sell. Those sixty seconds include the time the user needs to register. The other day I ordered flowers for my mother on the internet. The checkout started with the need to register and give too many details about myself. It took too long: I abandoned my basket and bought flowers in the grocery store. There is a direct link between user experience and income. If the site makes registration and login difficult, users will spend less time on the site, or never come back.
- Passwords cost a lot of time. Ah, the dreaded password reset, since you have at least 10 options. The time spent waiting for the email, the SMS confirmation of the reset and the decision on which password to use again can only lead to frustration. In a password-free system there are no passwords that can be reset, saved or cracked. Excess spending is eliminated, potential disasters are not repeated and the risk of liability is lower.
Why does it have to end today?
The secret to ending passwords forever is what 3.3 billion of us carry with us every day: our smartphones. Today’s smartphones are equipped with secure authentication technology that enables new approaches to user authentication and makes it easier for users to visit a website. In addition to getting access to the site, users should know that they are visiting the right site, that they are not being spoofed and that no one is intercepting their connection. This process of authenticating the user to the server and the server to the user is called full duplex authentication.
The most complex authentication systems use three factors to validate the user: something you have, something you are and something you know.
The smartphone is the something you have: a secure token. Biometrics, whether fingerprints, facial recognition or, soon, retinal scanning, are the something you are. The remaining factor, something you know, is your username or social identity. One of the most secure user authentication tools can be deployed easily through a downloadable application.
You can easily download such an application using the QR code displayed on the website. After scanning, the download runs automatically and the first registration process starts. Each time a user visits the website, a unique image and number appear on their phone. The user confirms the image and the number on the website with the phone and completes a reliable three-factor verification. Poof! It’s that simple.
Although smartphones can make it easier to do without passwords, a sealed connection is still necessary to prevent anyone from pretending to be someone else. If the connection between the user and the website is not impenetrable, a simple scan will not solve the problem, because attackers can still carry out attacks such as man-in-the-middle. Solution providers must adhere to the highest level of authentication. Simply put, the website knows it’s the user, and the user knows it’s the website.
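The two-way check described above, sketched as an added example; it is not code from the author or from any vendor’s product. It assumes a shared key stored on the phone at QR enrollment and HMAC-SHA256 proofs, the names `Website`, `Phone` and `display_code` are hypothetical, and the image and biometric steps are not modelled.

```python
import hashlib
import hmac
import secrets

def mac(key, label, *parts):
    # Length-prefix every field so boundaries cannot be shifted between parts.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def display_code(key, origin, s_nonce, p_nonce):
    # Six-digit number shown on both screens; it covers the whole transcript.
    tag = mac(key, b"code", origin.encode(), s_nonce, p_nonce)
    return f"{int.from_bytes(tag[:4], 'big') % 1_000_000:06d}"

class Website:
    def __init__(self, origin, key):
        self.origin, self.key, self.nonce = origin, key, None

    def challenge(self):
        # The site proves itself first: MAC over its origin and a fresh nonce.
        self.nonce = secrets.token_bytes(16)
        proof = mac(self.key, b"site", self.origin.encode(), self.nonce)
        return {"origin": self.origin, "nonce": self.nonce, "proof": proof}

    def verify(self, reply):
        # Returns the code to display, or None on a bad or replayed reply.
        nonce, self.nonce = self.nonce, None  # each challenge is single-use
        if nonce is None:
            return None
        want = mac(self.key, b"phone", self.origin.encode(), nonce, reply["nonce"])
        if not hmac.compare_digest(want, reply["proof"]):
            return None
        return display_code(self.key, self.origin, nonce, reply["nonce"])

class Phone:
    def __init__(self, enrolled):
        self.enrolled = enrolled  # origin -> key stored at QR enrollment (assumed)

    def respond(self, ch):
        # Returns (reply, code), or None when the site fails to prove itself.
        key = self.enrolled.get(ch["origin"])
        if key is None:
            return None
        want = mac(key, b"site", ch["origin"].encode(), ch["nonce"])
        if not hmac.compare_digest(want, ch["proof"]):
            return None
        p_nonce = secrets.token_bytes(16)
        proof = mac(key, b"phone", ch["origin"].encode(), ch["nonce"], p_nonce)
        return ({"nonce": p_nonce, "proof": proof},
                display_code(key, ch["origin"], ch["nonce"], p_nonce))
```

The phone refuses to answer a site that cannot produce a valid proof, and the website rejects a forged or replayed reply; the user compares the two displayed numbers only after both checks pass.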
This may sound bold, but users need a quick, easy and safe alternative. It exists now. It’s time to change the process upstream to create a better user experience and end the password pain forever.
Let’s put an end to this password nonsense.
Photo credits: designer491 / Shutterstock
John Hertrich is President and CEO of Identity, a security company dedicated to simple, secure and password-free authentication.