Authentication and online security are critical issues in protecting data and privacy. As we move into the future, advanced authentication methods are gaining traction, which raises the question: is this the end of passwords as we know them?
Cybercriminals are always devising new strategies to crack passwords, with users often making it very easy for them, putting people and businesses at risk. Today, May 4th, is World Password Day, which is held on the first Thursday of every May and aims to encourage good habits that help keep privacy and security safe online.
This event started in 2013 as an effort to educate people about the dangers of using weak passwords and has grown every year since. However, “there are still many companies that do not focus on creating a good password policy,” according to experts from fsafe, Fibratel’s cybersecurity unit.
A NordPass study reveals that too many people use easy-to-guess passwords. “Millions of people use some of the most common passwords, including “12345” and variations of it”. Also, it takes less than 1 second to crack most of the passwords on the most common list.
“To create a strong password policy, minimum security requirements should be established, such as a minimum length and the inclusion of a combination of letters, numbers, and special characters. The use of common words or personal information, such as dates of birth or names of pets. In addition, it is important that passwords are updated periodically and that they are not reused in different accounts,” explains Pablo García, cybersecurity consultant at KPMG Spain.
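The per-password rules named in the quote above can be expressed as a small checker. This is an added example, not code from the article or from anyone it quotes. The function name, the 12-character minimum, and the sample common-password list are assumptions, and it reads the quote's mention of common words and personal information as things to reject.

```python
import re
import string

MIN_LENGTH = 12  # assumed threshold; the article does not give a number
# Constructed sample; in practice load a published common-password list.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "111111"}


def policy_violations(password, personal_info=(), other_account_passwords=()):
    """Return the list of policy rules that the candidate password breaks."""
    problems = []
    lowered = password.lower()

    # Minimum length and character-class requirements.
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isalpha() for c in password):
        problems.append("no_letter")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no_special")

    # Common passwords and "12345"-style variations: an exact match once
    # punctuation is stripped, or any ascending run of five digits.
    stripped = re.sub(r"[^a-z0-9]", "", lowered)
    runs = ["0123456789"[i:i + 5] for i in range(6)]
    if stripped in COMMON_PASSWORDS or any(r in lowered for r in runs):
        problems.append("common_or_sequential")

    # Personal information (pet names, birth dates): reject if any
    # alphanumeric fragment of three or more characters appears.
    for item in personal_info:
        parts = re.findall(r"[a-z0-9]{3,}", item.lower())
        if any(p in lowered for p in parts):
            problems.append("contains_personal_info")
            break

    # Reuse across accounts, as a local password-manager audit would check.
    if password in other_account_passwords:
        problems.append("reused")
    return problems
```
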
What does it mean for a company that access passwords are weak?
For a company, having weak access passwords is a significant IT security risk. Some of the negative consequences are:
- Security breaches: Weak passwords are easier to guess or to hack, which increases the risk that someone unauthorized can access sensitive or confidential company information. This could include financial data, customer information, intellectual property, among others.
- Loss of reputation: If a security breach occurs due to weak passwords, this can negatively affect the company’s reputation. Customers and business partners may lose trust in the company and seek safer alternatives.
- Recovery costs: The company may incur significant costs to investigate the cause, correct the problems, and recover the compromised information. If the breach is large, the recovery costs may be even higher.
- Non-compliance with regulations: In many industries, there are specific regulations that require companies to protect the information of their customers and partners. If access passwords are weak and a security breach occurs, the company may face financial and legal penalties for failing to comply with these regulations.
“It is important that companies implement strong password policies and educate their employees on information security best practices to avoid unnecessary risks,” explains Pablo García.
The future of passwords in the spotlight: will they end up disappearing?
Passwords as we know them today may become obsolete in the future due to the increasing popularity of more advanced authentication methods, such as two-factor authentication (2FA) and biometric verification.
- Two-factor authentication, which requires something the user knows (like a password) and something the user has (like a code sent to their phone), is more secure than using a password alone.
- Biometric verification, which uses unique physical characteristics such as fingerprints, facial or iris recognition, is also a more secure form of authentication as it is difficult to replicate or falsify.
Big companies like Apple, Google and Microsoft have already realized this and have released important advances to promote other options and replace passwords in favor of easier and more secure authentication.
Data from a 2023 PYMNTS study indicated that only 24.7% of people chose passwords as their preferred authentication system when accessing apps. However, 51.7% of those surveyed have used and preferred authentication with biometrics.
Even with these new forms of authentication, it may still be necessary to use passwords in some cases. For example, two-factor authentication systems often require a password as the first factor of authentication. In addition, there is always the risk that biometric features may be compromised or falsified.
Besides, it is undeniable that there are still some cases where passwords can be useful as the first factor of authentication.
For example, in business environments, passwords may still be required to allow employees to access company systems and applications. In these cases, passwords can be supplemented—but not replaced—with two-factor authentication or biometric verification to provide a higher level of security.
Besides, “some users may prefer passwords as an authentication method because they are easy to remember and do not require additional hardware, such as a mobile device, to receive a two-factor authentication code,” adds the expert interviewed.
World Password Day is a great reminder to review your account login credentials to make sure they’re secure. Take advantage of this day and take your time to replace them with more complex ones that contain symbols, numbers and capital letters; this will help keep you up to date and safe from any potential threats.