Passwords have been around for a while, but as our digital world expands, password-only login is becoming more and more insecure. In fact, a password of the standard minimum length of 8 characters can now be cracked using the right software/hardware combination in around 2.5 hours.
This recent development means that it’s only a matter of time before even the most complex passwords are compromised. Even if you aren’t likely to be the target of a determined password-cracking attempt, lots of people fail to use good password hygiene, making that 2.5-hour figure much lower.
Not only do users recycle passwords or snippets of them, but even those who think they’re using complex passwords often don’t really understand what the concept means. As the well-known xkcd comic tells us, “complex” from a computer’s point of view (which is a purely mathematical perspective) isn’t the same as “complex” from a human point of view.
Your password might look secure to you, but if it’s p455w0rdI2E, a computer is going to make short work of it. Even if we take the advice and choose a passphrase, we have to be careful to choose something where each word really isn’t linked to the others.
As human beings, we’re also tempted by laziness, leading us to choose passwords that fit a nice pattern on a QWERTY keyboard or when typed into our mobile devices—another way that we make our passwords easier to crack. Laziness also steers us away from using unique passwords for every app or service, forcing us to either recycle passwords for reduced security or use a password manager.
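The gap between "looks complex" and "is complex" can be shown with a screening check run when a password is set. This is an added example, not part of the original article; the wordlist is a constructed sample, and the substitution table and `MIN_WALK` threshold are assumptions.

```python
"""Password screening that looks past "human-complex" tricks (added example)."""

# Constructed sample wordlist; a real deployment would load a breached-password corpus.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon"}

# Common character substitutions, mapped back to the letters they imitate (assumed table).
LEET = str.maketrans({"4": "a", "@": "a", "5": "s", "$": "s",
                      "0": "o", "3": "e", "1": "l", "!": "i", "7": "t"})

QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_WALK = 4  # assumed threshold: runs this long are reported as a keyboard pattern


def deleet(password):
    """Lower-case the password and undo the substitutions in LEET."""
    return password.lower().translate(LEET)


def dictionary_hits(password):
    """Common words that appear inside the password once substitutions are undone."""
    normalized = deleet(password)
    return sorted(w for w in COMMON_WORDS if w in normalized)


def longest_keyboard_walk(password):
    """Longest run of characters whose keys sit side by side on one QWERTY row."""
    keys = password.lower()
    best = run = 1 if keys else 0
    for prev, cur in zip(keys, keys[1:]):
        adjacent = any(prev + cur in row or cur + prev in row for row in QWERTY_ROWS)
        run = run + 1 if adjacent else 1
        best = max(best, run)
    return best


def assess(password):
    """Return human-readable reasons to reject the password (empty list if none found)."""
    findings = [f"contains common word '{w}' after undoing substitutions"
                for w in dictionary_hits(password)]
    walk = longest_keyboard_walk(password)
    if walk >= MIN_WALK:
        findings.append(f"keyboard walk of {walk} adjacent keys")
    return findings


if __name__ == "__main__":
    for candidate in ("p455w0rdI2E", "qwerty123", "correct horse battery staple"):
        print(candidate, "->", assess(candidate) or "no pattern found")
```

An empty result only means none of these two patterns matched; it says nothing about reuse or about words missing from the sample list.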
Would you believe that some people even share passwords with other people? It sounds shocking, but often small businesses do this when logging in to pay-per-user services like Office 365 as a way to reduce costs.
People also frequently share passwords to services like free Wi-Fi away from home, Netflix and other streaming services, and billing accounts for household bills.
Security-conscious people already know that all of this password nonsense makes multi-factor authentication (MFA) very important. Those of us who have heard of MFA but don’t yet use it know deep down that we will have to switch eventually.
If you’ve looked into MFA at all, you’ll quickly spot that many MFA options are similar to the ones you use to recover a forgotten password.
It might surprise you to know that 60% of users have reset a password in the last 60 days—if you know how to reset your password, then you already know how to use MFA.
All of this raises a very important question—should we still be using passwords (or passphrases) at all? There are multiple methods now used as the second authentication step for MFA, so why not use two or more of these methods and ditch passwords altogether? There are even ways to use MFA when you don’t have access to a mobile network.
Some providers already let you use an app installed on an approved mobile device to confirm login instead of using your password. Many providers now let you take this a step further and use an app instead of a password, rather than in combination with one.
If you’ve tried out passwordless login, you’ll already know that it’s easier than signing in with a password, even if you have your password saved in your browser (another popular but unsafe practice).
Tomorrow’s digital world isn’t going to be a secure world if we keep relying on passwords for security, so it’s time to consider the best way to move to a passwordless future.
This goes for your personal accounts as well as for your organization.
Take a look at the infographic shared by LoginRadius, a customer identity and access management solution.