Why Companies Are on the Verge of Getting Rid of Passwords
Most passwords can be cracked in a matter of seconds. In a 2015 interview, Edward Snowden said, “For somebody who has a very common eight-character password, it can take less than a second for a computer to go through the possibilities and pull that password out.” That’s pretty scary considering how many of us use the same password across all online platforms, from Twitter to email to online banking. One password might be all a hacker needs to wreak serious havoc.
Companies like Google, Facebook, and Microsoft are on a mission to do away with passwords altogether among their workforces of 100,000+ employees. However, a full shift to a password-free culture will take time. They’re making efforts to impel the transition by employing multi-factor authentication, security keys, and biometric authentication.
Forms of authentication include what you know (password), what you have (device), and who you are (fingerprint scan, facial recognition). A password alone is the weakest form of authentication. A better way to secure your devices and accounts is multi-factor authentication, which employs a combination of these methods to hinder hackers.
Passwords Are Expensive
IBM published a study conducted by the Ponemon Institute that reported the average total cost of a data breach in the U.S. to be $8.19 million.
Merritt Maxim, VP & Research Director at Forrester, says, “Our research has shown that the average, fully-loaded cost of a help desk call to reset a password is anywhere between $40 or $50 per call. Generally speaking, a typical employee contacts a help desk somewhere between six and ten times a year on password-related issues.” That’s could cost thousands—or even millions—of dollars per year.
Microsoft’s Alex Simons reports spending more than $2 million per month on help desk calls helping employees change passwords.
A company could also experience a great loss in the form of stolen data or finances if a password is cracked.
What Does the Future Hold?
It will be years before we do away with passwords altogether, but the following security measures are on the rise.
Advanced use of biometric authentication: Apple introduced touch ID in 2013 and facial recognition in 2017. According to Apple, “The chance that a random person could use their fingerprint to unlock your iPhone is about one in 50,000. What are the similar statistics for face ID? One in 1,000,000.” Biometric methods are widely used by many companies and individuals and are growing in popularity because of the ease of use and level of security.
Security keys: These small USB devices serve as the physical verification that you are the authorized user of an online account credential. Once added, you no longer receive a text message or a code online to validate, you simply insert the key into your computer and press a button. In 2017, Google began requiring employees to use security keys, and in 2018, they reported that none of their employees had fallen victim to a phishing attack.
Voice recognition: Chase Bank and Barclays have set up voice biometrics so customers’ voices automatically match to a previously recorded voice print. These banks report that pitch, accent, and shape of the mouth are among the hundreds of characteristics used to identify a customer’s voice. Voice recognition could become a popular form of authentication in years to come, but it could be a potentially tricky method to master.
How to Protect Passwords
- Use a passphrase instead of a typical eight-character password. A password like “JohnDoe123” is much easier to crack than “the quick brown fox jumps over the lazy dog” (obviously we don’t recommend this particular sentence—but you get the idea). Consider replacing some of the letters with numbers or symbols, or misspell a word: “th3 qu!ck bronw fox jump$ ov3r th3 l@zy dog.”
- Don’t include personal information in passwords, like your name, birth year, children’s names, city, etc. This information is easy to find and it doesn’t require much effort for a hacker to crack.
- Change default passwords.
- Use password-protected Excel documents to track usernames and passwords. The current version of Excel has strong encryption that’s almost impossible to break. Make sure access to the file is protected by a strong password.
- Use a password manager like Dashlane, Keeper, or LastPass. Use a strong password to access the chosen manager. Many of these managers will create strong passwords for users that are almost impossible to break.