In the face of these password-free advances, will the traditional password become a dinosaur?
Today is World Password Day, and in a recent interview with TechRepublic, the COO of password management provider 1Password estimated that we currently have about 100 billion passwords protecting our digital gateways.
That’s a lot of hackable passwords in the ether. And, yes, that’s the awful truth about passwords – they’re ALL hackable. If you can type it with a standard keyboard, then anyone else can too. They’d have to guess it first, of course, but that’s getting increasingly easier with AI, which can rail against a digital door, trying thousands of different passwords every minute, all without you detecting a thing.
In the majority of instances, password-crackers like to deploy two simple methods – leaked credentials and brute force. Using leaked credentials is a no-brainer, as hackers simply aggregate the hundreds of millions of user names and passwords leaked in data breaches over the years and apply them like skeleton keys to locked doors. These hackers know that most of the population reuses passwords across different services, and they aim to take advantage of that.
Brute force attacks are rapid-fire educated guesses. A password-cracking program hammers away with alphanumeric combinations until it finds one that fits, using the Infinite Monkey Theorem, which proposes that if you have a monkey randomly hit typewriter keys for an infinite amount of time, eventually she will turn out the works of William Shakespeare. Or your password.
What has become industry standard for us is an ancient tradition that reaches as far back as the beginning of civilization. From the first utterances of “open sesame” centuries ago, people have been using secret words and codes to prove identity and gain admittance. But a new wave of tech is poised to reduce the security risk of hackable passwords by eliminating them entirely. Some organizations are already using these measures, but none have been widely adopted yet.
Gartner predicts that by 2022, 60% of the world’s largest enterprises and 90% of the world’s midsize enterprises will implement password-free security methods in more than 50% of use cases. Here are some of the leading contenders in password-free authentication.
But the fact is that we do not live in a password-free world yet, so it’s on each of us individually to protect our data and devices with the best security we can. Therefore, use the fact that today is World Password Day to assess the passwords you’re currently using and ensure they are protecting you.
As always, remember these password tips.
Until the next digital chapter, when biometric authentication might give us the technology to use our own heartbeats or brainwaves to prove our identity, we will continue to use these keyboard keys. Be creative and be clever. No “qwerty”s. Have a safe and secure World Password Day, everyone.