Passwords are one of the most common methods for securing sensitive information across networks. However, recent trends in the IT community have shown an increasing interest in multi-factor authentication—solutions that go well beyond the password.
We covered the essential elements of two-factor authentication in a previous blog post, but the question remains: why have passwords fallen out of favor?
The answer is threefold.
1. Passwords are easy to crack
As vigilant as the tech community has been to enhance the security power of passphrases, hackers are just as active in finding workarounds. A lost password can result in personally identifiable information (PII) being stolen and used to commit identity theft. Accounts can be breached, manipulated for phishing purposes, or sold in bulk on the black market.
This is possible because passwords, as a form of authentication, are considerably weak. Pair that with the typical weakness of any given password and you have a woefully underwhelming form of protection.
2. Passwords are hard to remember
Good passwords can be tricky for users to remember, which is why users so often choose ‘simpler’ passwords—passphrases they unfortunately repeat and reuse.
3. Passwords are cumbersome
As we approach an age where so many devices in our lives can be linked together, it becomes increasingly important to protect our access to them. This means more passwords. The bottom line is that people hate passwords—they don’t like having so many to remember, and more importantly, they don’t entirely trust the security they provide.
In its digital consumer survey, Accenture found that 60% of those polled felt passwords were cumbersome. The survey covered 24,000 consumers spanning 24 different countries. This staggering number reflects some of the general wariness users have about data privacy. Accenture goes on to say that companies capable of building trust with consumers will be able to access greater stores of consumer data, which means providing stronger forms of authentication will be key in securing that trust, and the data it rewards.
Why your password just isn’t working anymore
Companies have begun urging consumers to change their passwords every 90 or so days, which can be annoying for users. To successfully do so, people will come up with complex passwords and then write them down—usually near their desk or computer. Or worse, they email the passwords to themselves, further compromising their security.
Passwords have been joined by other forms of authentication over the last several years, and more are sure to follow because logins involving a username and password are swiftly growing obsolete.
As biometrics and device authentication grow in use, they will start to displace passwords, and this will drastically alter the way people access and use their personal devices.
Out with the old forms of authentication, in with the new
The truth is, people and companies are falling out of love with passwords for a number of reasons. When we only had one computer in our lives, a single login sufficed. Now that we are accessing smartphones, tablets, laptops, home PCs, work computers, and any number of accounts we have online, passwords are no longer effective or efficient. Technology is growing towards a centralized, unified design (the Internet of Things) that requires a more streamlined—and secure—form of user authentication.
Simply put, passwords just can’t hack it anymore.
How software and hardware are changing to fill the gap
Microsoft has been hard at work trying to make passwords a thing of the past. With Windows 10, they’ve introduced Windows Hello, which adds system-level support for biometric authentication.
Other companies have done their part to move toward more secure methods of authentication as well. There’s the Touch ID fingerprint scanner on the iPhone 6 and facial recognition on Lenovo devices. Of course, as the software evolves, so too must the hardware. Fortunately, enough companies have already embraced biometric technology, such as fingerprint scanners, that more commercial, cost-effective versions can be integrated into consumer-ready devices.
Leaving the password behind
Change is gradual, but the verdict is almost unanimous. Passwords aren’t working. They’re not protecting consumers and their sensitive data anymore, and they’re failing because consumers aren’t using them properly. They see passwords as an inconvenience and when they do have access to two-factor authentication, they bypass having to enter the password by having websites save their login information.
The truth is, malware and other software have made it too easy for hackers to guess passwords. Consumers need a unique way of safeguarding their devices and information, and that authentication may be closer than we realize.