Last updated: June 4, 2018
Is the Password Dead?
Your password has expired again! Time to come up with a new one.
Be sure to use at least one capital letter, lower-case letter, a symbol, and a number.
And don’t use anything that can be easily guessed, like the name of your street, child, or pet. Random strings of letters, symbols, and numbers are the most secure.
To keep your account safe and secure, don’t write it down anywhere where someone else can find it! The safest place to keep you password is in your head.
After a few error messages, you finally cobble together the perfect frankenstein monster of a password. Random numbers, letters, symbols; it’s got everything. No one will ever be able to guess it…
Including you, when you try to remember it to log in the next day.
The whole password system seems fundamentally flawed. We’re taught to create passwords complicated enough to be unguessable and unhackable, and consequently impossible to remember. And to foil hackers, you’re supposed to use a different password for every single login, which can easily number into the hundreds.
It’s no wonder the vast majority of people use insecure passwords, or repeat the same password for multiple sites. If they didn’t, they wouldn’t be able to access their accounts at all. When you look at it this way, it’s the system that’s at fault as much as the people who ignore password standards.
Passwords have been in use since the 1960s, and the system hasn’t changed much since then. You’d think that with how technology has advanced so much since then, we’d have come up with a better computer security system than this.
While the system hasn’t changed much in the past 50 years, a security revolution could be just around the corner. In the next 10 or 20 years, you could be logging into your bank account with your fingerprint, or accessing your email with a retinal scan.
Can’t imagine a world without passwords? Check out the graphic below to discover what new security systems are in the works, and when they’ll be rolling out to a computer near you.
Transcript: Is the Password Dead?
We’ve all stared at our screens trying to remember that password and hoping we don’t get lockedo ut of the account when it’s wrong. What does the future look like for passwords in a world full of convenience, hackers, and sensitive digital data?
Why is the Password Dying?
- Passwords were designed in the 1960s to regulate access to files on large, shared mainframe computers.
- Originally no personal data was accessible.
- Passwords can now access almost any personal data.
- Order airline tickets, clothing, or a new library collection.
- Hijack cloud accounts full of purchased music and movies, as well as personal photos, videos, and other files like research or creative writing.
- Online banking information, including credit cards and savings accounts.
- They can be used anywhere with a web connection.
- Passwords are often insecure from the start.
- About 74% of people reuse the same password for multiple accounts.
- The most common password is simply “password”.
- With 71% in the top 500 passwords, about 91% are one of the one thousand most common.
- Only about only 44% of users change their passwords once an account is created.
- More than 50% of users forget their chosen passwords.
- Passwords are easily hacked.
- Weak admin passwords are the culprit for about 80% of security incidents.
- Most hackers can guess a 6-character, lower-case password 10 minutes or less.
- Over 378 million people are victims of cybercrime annually.
- Password hacks are expensive.
- The global consumer cost of password hacks is about $113 billion.
- The average data security incident in the US costs businesses about $5.4 billion each time.
- Identity theft victims spend on average more than 500 hours and $3,000 cleaning up the mess.
- Two-factor authentication helps, but it’s imperfect.
- These are usually in the form of a text to a phone or logging into a secondary account.
- Two-factor authentication can be clunky and can get in the way of the user experience.
- FIDO Alliance
- FIDO is Fast IDentity Online, a non-profit consortium of businesses that work on creating and promoting technologies that reduce dependency on passwords to authenticate users.
- In 2010 PayPal security partnered with fingerprint security entrepreneur Ramesh Kesanupalli and Secure Sockets Layer (SSL) creator and cryptographer Taher Elgamal.
- In 2012 they launched the FIDO Alliance, which now includes Google, Microsoft, and MasterCard.
- Zero-Knowledge Proof
- An innovative protocol, Zero-Knowledge Proof keeps actual data of fingerprints and iris scans protected.
- Using local fingerprint readers, sites can log into accounts automatically without giving away any fingerprint or iris information.
- A single device can prove your identity to the entire web simultaneously.
- Fairly secure since you need the combination of a particular fingerprint and a particular device.
- Key fobs are in the works for using fingerprints to log in.
- It may take the form of a compact USB key that would not exchange information and therefore cannot be hacked.
- The physical element would be impossible to crack digitally.
- Deliberately not part of FIDO in order to keep their Touch ID technology protected from other developers.
- The Touch ID algorithm is designed to learn each time it’s used, updating data as better scans are introduced.
- The technology has problems occasionally sensing the presence of a finger and then sometimes giving a false negative to the correct finger.
- Currently the Touch ID technology only logs into the iPhone 5S and iTunes.
- Systems are still very new and relatively untested.
- Consumers might get creeped out by fingerprints and eye scans.
- Consumers might not like they can’t borrow a friend’s device to log in.
- Some solutions may not be convenient, as carrying around a USB key or other device may be deemed annoying.
- Some technologies are very sensitive and difficult for consumers to use properly, which affects the user experience.
Keeping our digital data in lockdown is becoming ever more important. As technologies progress, we may end up laying the password to rest… or will it rise again with a new look and an improved strength to keep hackers out?