Many computer users dream of a day when the industry can move past its reliance on passwords to reach a more serene future of frictionless cybersecurity.
The fact is that countless devices and systems still in use are aging and have been based on password security for decades.
There can be no turning back time for such legacy systems: as long as they are in use, we will depend on passwords, at least to some extent.
For most organizations, that means they are stuck in the password-filled present, but that doesn't mean there isn't a passwordless future.
Passwords usually aggravate users due to all the associated friction.
Nobody likes memorizing long strands of letters, numerals and symbols to conduct the simplest business, but weak passwords tend to reward bad actors, which is, of course, the underlying problem.
The trouble is that the safest passwords are typically the hardest to remember, so there is a high amount of friction.
In a world where hackers launch an average of 50 million attacks on passwords every day, which equates to 579 strikes per second, according to Microsoft, safety should override convenience, but that often isn't the case.
Attackers often prey on a user's natural proclivity for convenience when people reuse the same ID and password combination for multiple sites.
Once those passwords and IDs appear on the dark web, they can be used for a range of different logins.
In the short term, we need to bridge the gap between the need for strong, complex passwords and the reduction of friction for employees.
Nearly half of all Americans still rely on memory to recall their passwords, meaning that they often adopt simple or repeatable words that are easy to remember.
There is an easy solution that both reduces friction and improves security: password managers.
Organizations taking security seriously can offer employees a subscription to a password manager, which eliminates the need for employees to remember complex passwords while still providing sufficiently robust credentials.
Organizations should consider using tools that regularly check if passwords are compromised, further ensuring the strength of the passwords used.
These tools help make organizations more secure, but they also add friction, which a passwordless future promises to eliminate.
We have seen many of the biggest tech companies like Apple, Google and Microsoft lead the charge into a passwordless future with the use of biometric recognition or facial recognition.
These approaches can be an effective alternative to passwords because it is much harder to fake someone's fingerprints or face than to guess their password, but they still don't solve the problem of all the legacy systems that will be in use for years to come.
The process is slow, but if it is done intentionally, organizations can reduce the number of things passwords are needed for and then the number of people who need to use passwords before finally eliminating them.
The passwordless future feels close because we have the technology to do it, but progress will be slow as applications are migrated to adopt passwordless authentication.
This Cyber News was published on securityboulevard.com. Publication date: Thu, 07 Dec 2023 13:43:04 +0000