Passwords as a method of security feel as if they have been around since the dawn of the Internet. The idea behind them is sound, but in practice things have gotten dicey as cyberthreats have evolved.
Typically, people will use the name of someone or something easy to remember, such as their pets or birthdays, as their password. Some still write their passwords down and stick them on their laptop or next to their desktop. Either way, most people reuse their password multiple times to access different resources. Taking this into account, it is easy to see why the number of breaches, such as that of Capital One earlier this year, is increasing at an alarming rate.
With the means to steal, lose or ‘give away’ passwords to attackers constantly advancing and data breaches on the rise, it is likely that most people will be using passwords that have already been compromised.
According to the Government’s Official Statistics, three-quarters of businesses (74 per cent), and over half of all charities (53 per cent), report that cybersecurity is a high priority for their organisation’s senior management. And so it should be. In a landscape that is repeatedly under attack, it is now critical for businesses to understand why traditional passwords are soon to be obsolete and what new methods of better authentication they need to be aware of.
Out with the old
The online world is ever evolving into a more vulnerable and risky place, and traditional passwords are failing to stand the test of time. For businesses that rely on this old-school method of authentication for their security, this leaves the door wide open to some severe problems. Not only do they risk their customers’ personal data being compromised, but their employees’ data as well. What’s more, if this data is compromised, they could find themselves having to pay out a hefty GDPR fine, as was the case for Marriott International earlier this year.
Despite the frequent advice to avoid insecure password etiquette, the reality is that 23.2 million victim accounts worldwide still used ‘123456’ as their password. Even if you create a password that has special characters or numbers, the fact remains that this doesn’t make it impossible for a hacker to figure out. Regardless of how complicated a password is, it can still be deciphered, stolen in large breaches or reused by attackers.
If businesses are to ensure that their employee and customer data is safe, they need to start looking at using far superior methods of authentication.
In with the new
Fortunately, the need for change is beginning to be recognised. Within the next two years, Strong Customer Authentication is due to come into play across the EU. Once implemented, anytime someone buys something online that costs more than €30, the humble password alone will no longer be sufficient as a form of authentication. Instead, consumers will need to provide additional confirmation via a two-factor authentication process. This could be in the form of anything from facial recognition to a PIN, their fingerprint or their smartphone.
And this is only the start. There are a number of two-factor authentication techniques that are increasing in popularity. For example, QR codes, URLs and mobile authentication enable the user to log in without providing a password or username. Similarly, push notifications will pop up on a user’s phone, offering the option to authorise a transaction, decline, or allow access to other devices.
The additional security that these extra layers provide for businesses not only enables them to significantly reduce the number of times they enter passwords, but also ensures they are better protected.
Biometrics are also increasing in popularity, aiding the leap toward a passwordless future. Whilst you can easily forget your password, you cannot forget your fingerprint. In this way, biometric authentication enables an even easier and smoother experience for securing your information. What’s more, it is much harder to forge someone’s biometrics than it is their password. As such, biometrics provide a much more accurate form of security identification than passwords, lowering the risk of unwanted security breaches.
Change for the better
The days of the traditional password are numbered and businesses need to be prepared for the changes that are set to arrive. Staying in the know, and taking the time to prepare for the authentication alternatives, will enable businesses to protect their employees and customers in the best possible way.
As the means for hackers to attack become more sophisticated and the repercussions for businesses that suffer a data breach become more severe, traditional passwords will soon no longer be sufficient. It is vital, now more than ever, that businesses put the steps in place to secure their data.
Paul Wilson, Product Management, Total Fraud Protection, Cyxtera