An average user must keep track of between 10 and 40 different username and password combinations, including banks, social media etc. With so many passwords to remember, many of us use the same ones over and over, or keep a running list of passwords saved somewhere. Passwords are a very serious and expensive security risk. This is why companies like Microsoft, Apple and Google are trying to reduce our dependence on them.
What are the Problems?
Easy to Crack
Most users either reuse the same password over and over or pick simple passwords that are easy to remember, such as a birthdate, a nickname, some simple combination with 123 or, my favourite, the word password itself. This makes it quite easy not only for a computer to crack them using simple algorithms but also for an individual with the right information to guess them. Passwords that are easier to remember are also easier to steal.
Data Breach: Not the User’s Own Fault
Many data breaches have occurred because an employee leaked system credentials, knowingly or unknowingly. Thus, through no fault of the end users, their credentials get leaked.
As a result
Breached data is sold online and used to cause harm through hacking, leaking and ransomware. The user data is also purchased by marketing companies, who then spam the users without their consent. A lot of money is being made by these illegal and unethical methods, which are a new form of robbery and smuggling.
Way Forward
There are 2 ways forward: enhancing the password and security infrastructure that is already in place, or finding an alternative to passwords, that is, going passwordless.
As for the first way, companies like Apple and Google have integrated password vaults into their operating systems. There are also third-party password managers that not only remember and autofill passwords but also recommend strong passwords and synchronise across operating systems.
But the more sustainable solution seems to be the second one: going passwordless. Many companies have come out with different approaches to it. Some of them are:
- Two-factor or multi-factor authentication
- One Time Passwords
- Login Prompts
- Biometric Authentication
- Physical key authentication
and many other such innovative solutions. Though these may be able to solve the immediate problems, none of them is a panacea for the good old password. They have issues of cost, the need for constant connectivity etc. Using online services to protect hardware is also not feasible at all, because a master reset after a software problem still depends on a password.
So yes, the need of the future is to go passwordless, and companies are trying to innovate to get rid of age-old password systems. But that future is yet to come, and until the right solution is available, I would suggest you use strong passwords, good password assistants and healthy digital practices like not sharing sensitive information with strangers. This is the only way today to minimise the chances of becoming a victim of data crime.