Published: 19 December 2022

Is this the end of passwords? We’re sure we’re not the only ones who are always forgetting passwords. The intricacy involved in creating them can make them impossible to remember. You must have capital letters, numbers and special characters. Being asked to change them constantly also leads to many people using the same one for everything and simply changing a character here or there.

Remote working has only increased the need for security best practice. Most organisations were not prepared for the pandemic. 30% of IT professionals reported security breaches due to poor password practices. For World Password Day we created a blog containing a guide to password protection for your employees. You can read it here.

The good news is that the biggest names in tech (Apple, Google, Microsoft) are already working on a password free world. Many of you will have facial recognition or biometrics to unlock your phones and other devices. To keep data secure, we will still need a way to prove we have a right to access it. How will that be done?

What options currently exist in password security?

Passwords themselves have been called the weakest link in security. They are often reused and written down so they can be remembered. That makes them vulnerable. Over 80% of breaches were the result of poor password security due to weak or stolen passwords.

What other options are available right now? Microsoft is already working with Multi-Factor Authentication (MFA) for corporate accounts. MFA still requires a password. Crucially it then requires another form of ID such as a fingerprint or a code that’s been texted to your phone. Google developed a plug-in security key. In addition to a password, the security key provides an encryption code. Anyone who doesn’t have that cannot access your device. They’ve also developed the Google Smart Lock which has two-factor authentication.

These methods, while more secure than a password on it’s own are not without risks. Codes sent via text or email can be intercepted. Hackers have shown that they are even able to steal your biometric data. And there’s the issue of ubiquitous usage. Not everyone has access to the technology required to use these systems.

What is the future of password security?

It’s fair to say that passwords are not secure. The future of password security is one without passwords at all. Facial biometrics are already in use. It is theorised that we’ll see further use of ‘facial mapping’. This works by taking the topography of your face and turning it into a mathematical code. This combined with liveness AI makes it difficult for hackers to replicate.

The major tech companies are already committed to expanding support for the FIDO Alliance. Along with the World Wide Web Consortium, the FIDO Alliance has set the standard for passwordless sign in. “Simpler, stronger authentication’ is not just FIDO Alliance’s tagline – it also has been a guiding principle for our specifications and deployment guidelines.”

Biometrics then seems to be the future. Already 70% of executives are likely to consider facial biometrics as an alternative to passwords. And technology is already moving one step further. We are getting to the stage where a system will simply recognise you. Your user behaviour, tracking your words, your activity patterns and even your posture could all be ways to verify your identity in the future.

So, is this the end of passwords? For now, passwords exist and it’s unlikely they’re going anywhere soon. It is vital that you do all that you can to protect your data. Read our blog on why MFA is a valuable tool to help you do that until the future arrives.

Read More

Review of Sophos’ 2023 threat report

18 January 2023

We're industry experts in Cyber Security, read our review of the Sophos 2023 Threat Report

National Computer Security Day- November 30th 2022

10 November 2022

This month hosts National Computer Security Day. We take a quick look at the aim of the day and how best to celebrate in your business.

Employee or Employer; Where does the cyber breach responsibi...

12 October 2022

Cyber Security responsibility is a loop; both employees and employers are accountable for preventing a cyber breach.

Calculating Return on Investment of a Project

27 July 2022