Why Your Password Is a Liability

Passwords are everywhere. They’re integral to how we communicate (email), work (enterprise apps), and play (social media). Some of us have made incorporating special characters and numbers into ~W0rds! and pHr8seS into an art form. But passwords haven’t always been around or in the format we know today. Have you ever stopped to think about how we’ve gotten to this place, where the password rules and we need an app to remember them all? Even more worthy of consideration, how well are these complex passwords actually protecting us?

Passwords have certainly evolved over time, as you can see in this infographic. However, despite our best efforts to make our passwords more complex and theoretically harder to hack, security breaches have become an everyday occurrence. In fact, according to the ITRC Data Breach Report, 2017 saw a nearly 45% increase in the number of data breaches compared to 2016. Even big tech companies like SEC, Equifax, and Dropbox — that you assume have the latest security technologies — are not spared from devastating security hacks.

Passwords: More threat than security
Passwords are a liability because they’re a target for cyber criminals. Most cyber attacks are aimed at stealing user credentials, and more than 80% of data breaches are due to weak or stolen passwords, according to a Verizon Data Breach report. Poor password practices make it easier for hackers to gain access to sensitive data in a few clicks. Consider this: a SplashData report revealed that ‘123456’ and ‘password’ — believe it or not — were the most commonly used passwords in 2017. Other winners included ‘iloveyou,’ ‘qwerty,’ and ‘monkey.’

The main reason why users choose ridiculously weak passwords? Remembering unique and complex passwords for the many work and personal online accounts each of us maintains is an impossible task. This also leads to the extremely risky practice of using one password for multiple accounts. According to one survey, although 91% of consumers understand the risk associated with such a practice, 59% do so anyway. Even more concerning is that 53% say they haven’t changed their passwords in a year.

Further, passwords that we think are uncrackable because they’re based on personal information, like nicknames, addresses or pets’ names, can in fact be guessed with a dictionary attack tool, which automates searching through millions of potential passwords until it finds the right one.
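To see why substitutions and personal details add so little, here is a defender-side check, added as an illustration and not part of the original article, that a sign-up form could run before accepting a password. The deny list is constructed from the five passwords quoted above, and the substitution table and the function names are assumptions.

```python
import re
from typing import Iterable, Optional

# Constructed deny list: the five passwords the article quotes. A real check
# would load a much larger list of breached passwords.
COMMON = {"123456", "password", "iloveyou", "qwerty", "monkey"}

# Character substitutions that guessing tools routinely undo (assumed set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "8": "a", "@": "a", "$": "s"})


def letters(text: str) -> str:
    """Undo substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.translate(LEET))


def variants(candidate: str) -> set:
    """Reduced forms of the password that a dictionary-based guess would hit."""
    low = candidate.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)  # drop padding like '2017!'
    return {low, letters(low), letters(trimmed)}


def weakness(candidate: str, personal: Iterable[str]) -> Optional[str]:
    """Return why the password is guessable, or None if no rule fires."""
    forms = variants(candidate)
    if forms & COMMON:
        return "common password"
    for detail in personal:
        token = re.sub(r"[^a-z]", "", detail.lower())
        if len(token) >= 3 and any(token in form for form in forms):
            return "built on personal detail: " + detail
    return None


if __name__ == "__main__":
    profile = ["Fluffy", "42 Elm Street"]  # constructed sample user details
    for pw in ["P@ssw0rd!", "1L0veY0u", "Fluffy2017!", "vT9#qLm2xR"]:
        print(pw, "->", weakness(pw, profile))
```

A result of `None` only means these two rules did not fire, not that the password is strong.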

Even using a password manager to generate complex passwords — including one-time passcodes (OTPs) and two-factor authentication (2FA) — is no longer secure as cyber attacks become more sophisticated. In addition to advanced phishing, man-in-the-middle and brute force attacks, email spoofing by enterprise hackers using fake login pages to thwart 2FA is becoming commonplace.

The future is passwordless
Passwords not only make for a poor user experience, they are insecure. The message is loud and clear: passwords are the weakest link in cybersecurity. It’s time for a change to create a more secure era where we won’t have to depend on passwords for authentication anymore.

New technologies are making passwordless strong authentication the new normal. Biometric technology is becoming mainstream on smart devices and more than two-thirds of consumers say they are comfortable using it. What’s more, as the FIDO Alliance pushes new authentication standards for web browsers, consumers will be able to use biometrics and other secure passwordless authentication methods to log into websites and web-based applications.

Just like the first passwords, authentication continues to evolve — to become passwordless. Passwordless authentication is not only more user-friendly; it also eliminates the user credentials cybercriminals want and is the only way we will be able to stem the rising tide of data breaches.