It’s hard to believe that a solution first created in the 1960s is still the primary method used to protect our identities, information and vital business assets. Despite enthusiasm for technology designed to replace them, passwords have proved remarkably resilient; however, the de facto username-password combinations are also incredibly vulnerable to exploitation.
While 10 years ago people only had to keep track of a couple of passwords – for email and banking, for example – now, the average business user needs to keep track of almost 200. No one can remember every password to every website.
As such, many people tend to fall into one of two categories: using the same password for every account or using a slightly different one for each account. This means the door is effectively being left wide open to even the most opportunist criminal. And even if their password does contain the most complex combination of characters, there is still a high chance of it being intercepted in transit between device and service.
All this means there is a very high chance that a cyber criminal will be able to hack into your business and personal online accounts and access whatever data is stored in them. Luckily, advances in technologies and authentication methods mean this may soon be about to change…
What’s in store for the future?
At the Identity and Access Summit in 2016, Gartner talked about a ‘third wave’ of authentication. The first wave is the password, the second wave is two-factor or multiple-factor authentication, and the third wave is what Gartner refers to as ‘recognition technologies’. These include a mixture of mobile, PC, analytics, biometrics and continuous authentication, which provide more resilience than the legacy methods still in use today.
Mobile devices, in particular, have spurred the adoption of biometric authentication – such as fingerprint recognition and Face ID, released on Apple’s iPhone X. Both are faster and more seamless for a customer or employee to use than remembering and typing a password. More recently, advances in technology have also led to the development of ‘security keys’, which unlock your accounts in a similar way to having keys to a house.
Companies are finally beginning to realise that the typical username-password combination just isn’t that secure, while others, such as Microsoft, have already started making moves to replace traditional passwords with biometrics and security keys.
Released in 2015, Windows Hello authenticates users through facial recognition or a fingerprint. But new developments mean you can now sign into your Microsoft account with either your face or a physical security key – no password needed.
In its October 2018 update, Windows 10 added support for ‘FIDO2 hardware authentication’. As of November, users have been able to use a compatible security key (often called a Yubico key) on Outlook, Office, Skype, OneDrive, Xbox Live, Bing, the Microsoft Store and Windows itself. Both options offer two-factor authentication in one step, requiring both a registered device and a biometric or PIN to successfully sign in.
You can get started with Microsoft’s ‘passwordless’ authentication by setting up Windows Hello on your computer or by registering your physical key in the security section of your Microsoft account page while using the Edge browser.
The road to widespread adoption
This new standard isn’t exclusive to Microsoft either. These new technologies are already supported in Android, Apple Safari (preview), Google Chrome and Mozilla Firefox.
Surely, this can only be a good thing? Eliminating the need to use passwords also eliminates the temptation to get lazy and reuse weak passwords or to leave them lying around on a post-it note for all to see. And since you’ll no longer have traditional login information, phishing emails asking you to disclose this will be much easier to spot. As a result, data will become substantially more secure.
But while the death of the password may be nearer than ever before, the process isn’t likely to happen quickly and there are still some technical challenges to overcome. Nevertheless, companies should begin thinking about incorporating recognition technologies and hardware authentication into their security strategy now – to keep their business secure in the face of emerging future threats.
In every organisation, IT security is paramount. That’s why we make it our absolute priority at Pro Drive. Our job is to ensure your business keeps up with evolving security technologies and authentication methods to help prevent problems before they ever happen. To find out how we can help keep your data secure in a new ‘passwordless’ world, contact us today.