Maybe It’s Time to Ditch Passwords?

Picking a password is not easy business.

It goes something like:

Website: Please enter your new password
User: cabbage
Website: Sorry, the password must be more than 8 characters.
User: boiled cabbage
Website: Sorry, the password must contain 1 numerical character.

User: 1 boiled cabbage
Website: Sorry, the password cannot have blank spaces.
User: 50rottenboiledcabbages
Website: Sorry, the password must contain at least one uppercase character.
User: 50ROTTENboiledcabbages
Website: Sorry, the password cannot use more than one uppercase character consecutively.
User: 50RottenBoiledCabbagesYouStupidIdiotGiveMeAccessNow!
Website: Sorry, the password cannot contain punctuation.
User: IWillHuntYouDown50RottenBoiledCabbagesYouStupidIdiotGiveMeAccessNow
Website: Sorry, that password is already in use.

User: *Cries Uncontrollably*

Passwords have been the perfect way to keep our data and personal details “safe” online since forever.

*dramatic music*…Or are they?

This is not really the case anymore, due to the high number of cyberattacks and digital fraud cases.

So the real question here is: Is it time to kiss passwords goodbye?

What Went Down

According to the BBC, in 2018, CIFAS recorded approximately 190,000 cases of identity fraud. Unfortunately, the digital era we live in has made it easier for fraudsters to access our online private information.

The BBC also described an incident involving a young actress in London, in which someone applied for two credit cards using personal information of hers that had been stolen online.

“I had two new credit cards approved which I hadn’t applied for, and a letter from one bank, saying we’ve changed our mind about offering you a credit card,” stated the actress, who also spent £150 on credit checking services in order to track the illegal cards used in her name.

The weirdest thing is that a company that had a credit card in her name wouldn’t let her cancel it because she didn’t know the password the fraudster used. *facepalm*

Additionally, back in December of 2018, the question-and-answer website Quora got hacked, and as a result, 100 million users’ names and e-mail addresses got leaked.

Quora then published a statement on their website, saying: “We have already taken steps to ensure the situation is contained, and we are working to prevent this type of event from happening in the future.”

Also, let’s not forget the recent data-hacking incident which took place in May of this year, when Instagram got hacked!

According to TechCrunch, 50 million Instagram users’ emails and phone numbers were stored in an unguarded database at a Mumbai-based company called Chtrbox.

TechCrunch stated that the data also included information such as the location of users.

“The database itself was stored on an Amazon server and was not protected with a password. An Indian researcher who discovered it had alerted TechCrunch to it,” the BBC reported.

Now, when such giant companies manage to get hacked, it puts the whole “digital security” field into question. 

Now What?

Microsoft has had it with all this password-leaking drama and is stepping in with a plan to kill off the password using biometrics or a special security key.

In 2017, the company presented a “four-step roadmap” which would eventually lead to the elimination of passwords within businesses.

The first step is to create password-replacement options: tools that allow companies to implement biometrics, PINs, public/private-key cryptography, and FIDO2.

The second step would be to minimize the password surface area visible to the user. This would have users set their own authentication options, and thus slowly go passwordless.

In the third step, once the surface area is eliminated, Microsoft suggests that the organization or business begin to transition users “into Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business.”

The final step is where passwords simply don’t exist. Through the smooth transition of eliminating passwords, Microsoft can provide businesses with the ultimate solution to password-hacking.

Microsoft’s goal is to create a new world for users where they never need to type, change, or even know their password. More information about Microsoft’s attempt here!

Becoming Passwordless

According to Jason Tooley, the Chief Revenue Officer at Veridium, “Passwords are the easiest approach for attackers”. Unfortunately, the many incidents that occurred proved him right.

Tooley also stated that with a biometric authentication service, security will improve, and IT departments won’t spend valuable time and money resetting forgotten passwords.

“There is an annual cost of around $200 (£150) per employee associated with using passwords, not including the lost productivity,” he told the BBC.

Ant Allan, Vice President Analyst at Gartner, predicts that by 2022, 60% of large and global enterprises, and 90% of midsize enterprises, will implement passwordless methods in more than 50% of use cases, up from 5% in 2018.

It’s not that it’s hard to ditch passwords altogether, but actually convincing people and businesses to follow through is a whole different story.

The passwordless future seems very bright, but there’s still a couple of years (at least) left to go.
