Passwords

None shall pass

The days of the password are numbered. Unfortunately, it’s a very big number, says Jason Walsh
Blogs
Image: Pixabay/Pexels

8 March 2022

Staring down at the keyboard on a recently purchased laptop wondering in which order to press the keys in the hope of something sensible appearing in my word processor, I noticed the presence of a fingerprint reader. Old news to most people, I’m sure, but as a non-user of biometric security it got me to thinking: why do passwords even exist anymore?

Let’s face it: passwords are broken. A technique that should have died out in the 1980s, they remain our first line of defence in IT security. And we all hate them, too, which leads to less than ideal practices such as the use of weak passwords, the re-use of single passwords across multiple applications, devices and websites, and storing them in browsers.

Little wonder then, that our first line of defence is in fact a weak point.

“The majority of breaches we deal with have been a result of compromise of identity credentials,” said Brian Honan, boss of security specialists BH Consulting.

Alternatives do exist, as do enhancements, such as token devices (think swipe cards) and multi-factor authentication (MFA), but uptake remains stubbornly low. Microsoft recently revealed that only 22% of its users have enabled MFA (2FA), or at least only 22% use the MFA tools that Microsoft provides. Conceivably, some use a third party solution, but a lot likely just do nothing.

The 2022 Spycloud Annual Identity Exposure Report report, published last week, found that re-use of passwords was the norm. This is hardly surprising given the number of passwords we now need to do just about anything on our computers and phones.

Some in the industry, such as Microsoft, are arguing we should do away with passwords altogether, and the widespread adoption of biometrics, including fingerprint and face scanning, on Apple and Android devices suggests that the likes of me who just find it a bit creepy are in the minority.

However, the real success of biometrics is that they at least work, which is more than can be said for a lot of our sticky-tape-and-string approaches to making passwords more secure, most of which have the result of annoying people into behaving in an even less secure manner.

“Security, for too long, has been seen as a pain, and a barrier to getting things done,” said Honan.

He’s right. Unfortunately, it is also right to say that security is a barrier. An older friend of mine recently said that she can no longer be bothered to check her bank account online because it “asks too many questions”. Frankly, I understand her frustration. One online service that I use comes close to making me feel nauseous due to its poor implementation of MFA. 

Similarly, a relative who is not quite tech savvy but can manage basic browsing and e-mail finds herself increasingly locked out of not just ‘the Internet’ but society as a whole precisely because she does not have the mental energy to deal with unfamiliar concepts such as challenge-response systems. And if you’re tempted to start rolling your eyes about ‘boomers’, consider this: one day it will happen to you.

Whether it is biometrics or some other form of improved authentication, an improved user experience is desperately needed. 

So when will we see the end of the password? One fine day in the distant future. Maybe.

“The passwordless future will be here when the paperless office is here,” Honan said.

Read More:


Back to Top ↑

TechCentral.ie