Misan Etchie is an Experienced Digital Marketer, Content Writer and Link Builder
A 2019 study conducted by HYPR showed that 78% of people forgot their passwords and required a reset within the last 90 days. Passwords aren’t just difficult to manage; they are inconvenient, insecure, and expensive, because they are too easy to guess, hack or intercept. What’s more, the legacy of password reuse leads to constant attacks and account vulnerabilities.
Hackers try to get your passwords through different means. This is especially bad for people who use the same or similar passcodes: when one account gets hacked, their other accounts become vulnerable. Most data breaches originate from stolen passwords, as bad passwords are one of the easiest ways to compromise a system. It could take seconds for a computer to go through the list of possible password combinations for someone who has a simple 8-character password.
Whenever there is a big hack, security experts often advise us not only to stop using the same passwords but to stop memorizing passwords altogether and use password managers. These are software applications designed to store and manage your online credentials. They make your accounts more secure by freeing you from having to generate and remember sufficiently complex passwords, which allows for single-purpose passwords that meet a much higher level of security.
Two Factor Authentication
Passwords have come a long way since their creation in the early 1960s, with the invention of new types of authentication like fingerprint scanners, face-scanning technology, and two-factor authentication.
Two-factor authentication combines two of the three forms of authentication, which are:
- What you know: your PIN, username, password and even the answer to a security question
- What you have: your SIM card, mobile number, bank card, key card or an access token/badge
- Who you are: biometrics like facial recognition, fingerprint and iris scanning
Two-factor authentication is far more secure than passwords alone because it relies on two forms of authentication rather than one. A common example of two-factor authentication is withdrawing money from an ATM using your PIN and your bank card.
Other methods of two-factor authentication include using an authenticator app like Google Authenticator or Microsoft Authenticator, SMS codes, and biometrics alongside your password for more secure verification. However, some forms of two-factor authentication are not as secure as others.
The fight against passwords by big companies
For years, tech giants like Microsoft, Apple, and Google have been trying to reduce their customers’ reliance on passwords by introducing additional security methods, such as magic links, fingerprinting, or secret tokens delivered via email or text message.
Virtual assistants like Siri, Google Assistant, and Alexa have very advanced voice recognition technology that identifies users using over a hundred characteristics of their voice. This has greatly aided two-factor authentication and has made way for passwordless authentication: a method of logging in that swaps the traditional password for more secure factors.
The FIDO Alliance
The FIDO (Fast Identity Online) Alliance is an association of more than 250 leading companies whose main goal is to reduce the industry’s reliance on passwords and to standardize two-factor authentication.
The main difference between FIDO and other standards is where FIDO stores its data. Unlike passwords, which can be stolen from the servers they reside on or bought on the dark web, FIDO does everything locally on the device. FIDO protects user privacy by using local-match biometrics, meaning users’ biometrics are matched on their own devices, which protects them from being stolen by hackers.
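The contrast drawn above, between a password that a server must store and a FIDO credential that stays on the device, can be seen in a simplified model. This is an added example, not code from the FIDO Alliance or the original article; the class names, the `bank.example` origins and the JSON message layout are assumptions and do not follow the real WebAuthn wire format.

```javascript
// Added example (assumed names, simplified model; not the real WebAuthn format).
const nodeCrypto = require('node:crypto');
// Device side: the private key is generated on the device and never leaves it.
class Authenticator {
  constructor() {
    const pair = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.privateKey = pair.privateKey;
    this.publicKeyPem = pair.publicKey.export({ type: 'spki', format: 'pem' });
  }
  // The origin is filled in by the browser, so a look-alike site cannot fake it.
  sign(challenge, origin) {
    const clientData = JSON.stringify({ challenge, origin });
    const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), this.privateKey);
    return { clientData, signature };
  }
}
// Server side: holds only public keys, so a database leak exposes no login secret.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> public key (PEM)
    this.pending = new Map();    // user -> outstanding challenge
  }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use, which blocks replay
    const key = this.publicKeys.get(user);
    if (!expected || !key) return false;
    let data;
    try { data = JSON.parse(clientData); } catch { return false; }
    if (data?.challenge !== expected || data?.origin !== this.origin) return false;
    return nodeCrypto.verify('sha256', Buffer.from(clientData), key, signature);
  }
}
// Constructed scenario: one real login, then the same user on a look-alike origin.
function demo() {
  const rp = new RelyingParty('https://bank.example');
  const device = new Authenticator();
  rp.register('alice', device.publicKeyPem);
  const genuine = rp.verify('alice', device.sign(rp.newChallenge('alice'), rp.origin));
  const phished = rp.verify('alice', device.sign(rp.newChallenge('alice'), 'https://bank-login.example'));
  return { genuine, phished };
}
```

Calling `demo()` returns `{ genuine: true, phished: false }`: the signature made on the look-alike origin is rejected even though the user and device are the same.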
Microsoft has been leading the fight against passwords by providing its Windows devices with biometric technology like face scanning or fingerprint reading. Most of Microsoft’s employees can now log in to the corporate network using biometrics only.
In 2015, Microsoft introduced Windows Hello to customers with devices running Windows 10. Windows Hello allowed users to log in to their devices without a password, using only their face, fingerprint or iris, with Microsoft storing user biometrics on the device and not in the cloud.
Users can log in to their Windows 10 devices using FIDO2-compatible devices such as hardware keys. Microsoft also has a consumer authentication app, Microsoft Authenticator, which allows users to take advantage of two-factor authentication on any device.
Apple has been encouraging the use of biometrics as a more secure means of authentication since it came out with Touch ID on the iPhone 5s in 2013. Apple also announced a more secure means of biometrics, Face ID, on the iPhone X in late 2017.
Back in 2016, Apple introduced Auto Unlock, a feature for macOS that allows users to access their Mac computers using authentication from their Apple Watches. Apple has even gone as far as recommending, in its app development guidelines, that apps only use password logins if biometrics fail.
Google has also required its employees to use physical security keys since 2017 and has seen a huge reduction in phishing. The company released a physical key, Titan, that allows users to take advantage of two-factor authentication on their devices.
Google announced in 2019 that phones running Android 7 and later would all come with a built-in security key using Bluetooth. iPhone and iPad users can also use their secondary Android devices as a security key whenever logging in to their Google accounts on an iOS device.
Removing passwords and getting the masses to adopt more secure means of authentication has been an extremely hard task, because the average person is used to risky methods of authentication, and the technical difficulty of introducing new authentication standards has only made it harder. Even with passwords being so hard for tech giants to kill, it’s easy to see that a future without passwords, with improved security and usability, is coming.