Technology is constantly changing and advancing. It seems that all technologies will eventually give way to something newer and better; but one technology that seems never to get replaced is passwords. Read on to see why passwords have yet to go extinct.
Passwords have always been a cornerstone of security in the world of information technology. For years, there has been a push to replace passwords, with many people calling into question the viability of passwords when compared with newer alternatives. We discussed this with TechQuarters, a London-based IT company that has been providing small business IT support London-based businesses have relied on since 2010. While they confirmed that alternatives to passwords are already here and ready to use, passwords may still be important in 2023 – but why is this?
The Challenges of Authentication
The simplest answer is this: There isn’t a better alternative to passwords, nor is there a cheaper or simpler alternative.
For example, many companies and individuals have been saying that biometrics – such as fingerprint and face scanners – will replace passwords; this form of authentication is already readily available. However, it may only be a matter of time before malicious actors learn to fool these technologies. Furthermore, building biometric authorisation into all devices, platforms, and applications is both time and resource intensive.
There are many other forms of authentication – one-time passcodes (OTP), secure keys, RFID chips. Again, all of these methods are just variations on the same authentication model as passwords.
Why Passwords Fail (and what you can do about it)
There is no denying that passwords are not a flawless form of security. Millions (if not billions) of users have had their passwords compromised – the most common causes of this happening include:
It is a constant source of frustration for IT professionals that many users resort to very weak passwords. Having provided business IT support London organisations have used for many years, TechQuarters attested to the fact that even in 2023, there are still many users that fail to comply with minimum password complexity requirements.
A weak password can be cracked in a number of ways. Firstly, there is the brute force attack – where a hacker/cracker tries every possible combination of characters until the right one is found (using a machine, this can be done in fractions of a second). Then, there is the dictionary attack, where the hacker/cracker uses a list of known and/or commonly-used passwords – many security firms curate and publish a list of commonly used passwords each year.
Another persistent cyber risk that can be seen in many organisations is the reuse of passwords. This is common behaviour for many users – as it can be difficult to remember lots of different passwords, people opt to use the same password for multiple devices and accounts, not taking into account the fact that, if the login credentials for one account are leaked, then multiple accounts can become compromised.
This issue has layers of complications, as well. For example, single sign-on (SSO) is a principle that is frequently applied to tenants that have multiple applications, services, or platforms linked together; it can be seen in Microsoft 365, Google Workspace, etc. This in itself is not an issue, but if organisations are not conscientious about other security principles, such as access control, a single account breach can provide a malicious actor with access to a company’s entire data estate.
Password Best Practices
While the world is yet to find a foolproof authentication method, passwords will remain a fundamental line of security. While it may seem that passwords are a fragile form of protection, there are ways of ensuring maximum security. Having provided IT support Central London businesses have relied on for more than a decade, TechQuarters was able to offer some guidance on the best practices for password security:
Strong Password Creation
The longer, more complex, and more unique a password is, the longer it will take to be cracked – this resistance to guessing is measured as password entropy. Using a string of phrases, paired with numbers and special symbols, will help maximise the complexity and uniqueness of the password.
An example of a high-entropy password might be: Harness-Debug-Resonant4-Freebase
This combination has an entropy score of over 100, meaning it would take centuries for a brute-force attack to crack it.
For many, memorising a complex and unique password for each and every account or device would be impossible. Password managers like LastPass or Bitwarden encrypt and store login credentials, allowing users to auto-fill passwords while keeping them safe.
Multi-factor Authentication (MFA)
As we have mentioned, all modern forms of authentication are more or less as secure as each other. However, using multiple forms of authentication exponentially increases the security of an account. It is generally agreed that MFA offers the greatest level of security, while remaining accessible across all platforms.