World Password Day – 27 or None?Veridium Editor | May 7, 2020
Since 2013, the first Thursday of May has been designated as World Password Day – a celebration to promote better password habits. As a security measure, passwords have a long history, and were first used to protect data in the 1960s. Since then they have become the gatekeepers to unlocking our digital profiles that are hosted across a wide range of websites and devices. However, many individuals continue to use passwords in a way which exposes themselves or their workplace to risk.
Passwords are the weak link for businesses, particularly as 19% of enterprise professionals use poor quality passwords (such as 12345), and 13% of professionals share passwords with other users and between different accounts. Employees are also expected to remember up to 27 passwords, and let’s face it, how many of us can remember that many?
The main issue with passwords is that, for them to be secure, they need to consist of an unfamiliar word, of eight letters, changed every 60 days and not used anywhere else. It is therefore not surprising that comprised passwords account for almost 80% of data breaches.
And what about the security cost?
Last year 75% of large organisations reported to have been hacked by bad actors, and the threat is only intensifying. Identity and e-commerce fraud is projected to cost $130 billion by 2023, which is progressively being amplified by artificial intelligence-powered ‘deepfake’ threats which imitate characteristics such as voice. Phishing attacks alone have risen an unprecedented 667% in the UK, compared to February, as a result of hackers tricking users via fake coronavirus alerts. It’s therefore no surprise that passwords are becoming recognised as an outdated and costly method of authentication, and a frequently utilised attack vector.
The death of the password
Gartner forecasts that by 2022, 60% of businesses will have cut their reliance on passwords by half, but it’s not a stretch of the imagination to assume that this trend might well be accelerated due to the pandemic landscape.
More and more organisations are turning towards biometric authentication to fight against increasingly sophisticated cyber threats – whilst enhancing the user experience at the same time. Integrating fingerprint and behavioural biometric authentication – which uses artificial intelligence to identify unique mannerisms such as gait, or patterns of behavior such as the time of day an app is accessed, as well as location, is being regarded as the final frontier in security, and a solution to these advanced threats.
Without a doubt, passwordless authentication, and in particular biometric technology, needs to be considered and factored in to all critical business planning. This is a decision that needs to be made by many organisations, before they too are caught out.