12.6.2016
1.24.2023

Is it Time for the Password to Go the Way of the Dodo?

Last updated:
9.16.2020
1.24.2023
digital security

Passwords – we love to hate them. Despite scribbled pages of notes and password keepers, we always forget them at the most inconvenient time. (By the way, written notes are a very insecure way to remember your password.) They expire before we remember to reset them, as the IT department sets required password change rules. These days it feels like they have to be one hundred letters long, including hieroglyphics, Roman numerals, and emojis.

And despite all that, they still aren’t very secure. Every few months we hear about another massive breach. One of the biggest, and most recent, was Yahoo. The company only just reported a 2014 breach that compromised 500 million users’ names, e-mail addresses, and other personally identifying information. If the password information could be decrypted and used along with this other PII, user accounts across other services – even bank logins – could be accessed. According to the 2016 Verizon Data Breach Investigations Report, compromised passwords were used as a means of access for many attacks as well.

Is it time to ditch passwords altogether? What might replace them? The technology, it turns out, is just around the corner.

The Password Problem

As part of National Cyber Security Awareness Month, the White House encouraged US citizens to use stronger authentication whenever possible, claiming that using fingerprints or two-factor authentication prevents 62% of data breaches. But what exactly is wrong with passwords, anyway?

For one, users don’t use password best practices for security, like changing them regularly, making them unique, using long phrases, or taking advantage of a password manager. Only 29% of people reset passwords for security reasons, and the most common password — still — is 123456.

Brute-force guessing (usually facilitated by computers), man-in-the-middle attacks (which intercept online communications), keyloggers (software and/or hardware that stores your keystrokes), and phishing (legitimate-appearing e-mails from hackers to reset or gather your account information) are all other ways passwords can be discovered.

Service providers do usually store passwords in an encrypted format – such was the case with the Yahoo breach, and the reason the company cited for not requiring a password reset for every user. But encryption can be reverse engineered. For example, 177 million credentials were stolen from LinkedIn in 2012. They were encrypted with “unsalted” SHA1, an easily cracked algorithm. (Salting refers to adding random data to an encrypted phrase for additional security.)
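The difference salting makes to stored credentials, as an added example that is not part of the original post: SHA-1 is a fast hash function, so without a salt every user who picked the same password ends up with the same stored value. The account names, the choice of PBKDF2-HMAC-SHA256 as the hardened scheme, and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two of them share the "most common password".
USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse battery"}


def unsalted_sha1(password: str) -> str:
    """Weak scheme named in the text: one fast, unsalted SHA-1 digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = 600_000) -> dict:
    """Hardened form (assumed here): random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def shared_value_groups(table: dict) -> list:
    """Return groups of users whose stored credential value is identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def build_tables(iterations: int = 600_000):
    """Store the same sample accounts under both schemes."""
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    records = {u: hash_password(p, iterations) for u, p in USERS.items()}
    strong = {u: r["digest"] for u, r in records.items()}
    return weak, strong, records


if __name__ == "__main__":
    weak, strong, records = build_tables()
    print("unsalted SHA-1, identical stored values:", shared_value_groups(weak))
    print("salted PBKDF2, identical stored values:", shared_value_groups(strong))
    print("login check:", verify_password("123456", records["alice"]))
```

With the unsalted scheme, one leaked table reveals which accounts share a password and a single precomputed lookup covers all of them; with a per-user salt, every stored value is different and each one has to be worked on separately.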

Even some additional security features used alongside passwords have their issues. Security questions are often guessable, or their answers can be found with some web sleuthing on a target. Changing them is often difficult after a security breach. They are also susceptible to the same storage and encryption problems as passwords.

What’s the Next Form of Authentication?

It’s looking increasingly likely that physical attributes and behavior will be used as a new way to confirm your identity. With the majority of people now carrying around sensor-packed pocket computers complete with multiple cameras, fingerprint sensors, and tracking abilities, a combination of face recognition, biometric/fingerprint scanning, and other factors is taking off as a password replacement.

Google is developing the Trust API, which will use those biometric factors as well as tracking how you type and use your device to attempt to thwart unauthorized users. Microsoft is planning to use fingerprints, iris scanning, and facial recognition. Apple and Android devices can already unlock by fingerprint.

Individually, a facial scan or even a fingerprint can be less secure than a password, as they can be faked. But a combination of them could be more secure. And new technologies enabled by machine learning, like tracking and predicting user behavior to recognize where and when you typically log into a service, could help remove the visible authentication step entirely.

It all sounds very futuristic, but the death of the password is probably nigh. Even with the advent of smarter authentication techniques, it’s wise to take every step you can to protect your digital identity and credentials. The best security is preventative.
