You open your inbox on a busy Monday morning. And there comes the prompt to update your password. It feels like just last week, you went through the rigmarole of creating a complex password with uppercase letters, numbers, and symbols. And yet, here you are again.
Unfortunately, this happens all too often at home as well. You switch on your streaming app to unwind, and here comes the prompt to enter your password. Of course, you can’t remember what it is because there are so many apps, and you are forced into an internal struggle while you should be unwinding.
That’s when you end up doing the unforgivable. You use the same password for all your accounts at work and at home. You throw in personal information like your date of birth, your dog’s name, and, to mix things up, maybe your favorite special character.
And just like that, you made a hacker happy, somewhere out there.
Password fatigue is a real thing. Remembering so many passwords for a plethora of apps we use for work and home is tiring, and we end up missing the whole point of passwords.
In a recent LinkedIn poll we conducted, 30% admitted that they use the same password for all their accounts. In their World Password Day survey, Bitwarden revealed that 25% of respondents reuse passwords across 20+ sites or apps at home, and 36% include personal information in their passwords.
The truth is, we know this is a risky habit. Yet we take a chance and do it, revealing a huge gap between security best practices and actual practices.
According to Statista, the most common password in 2023 was ‘123456’ – an easy target for brute force attacks. Other than making a hacker’s life easy, passwords like this defeat their very purpose. A Techreport survey reveals that 80% of breaches involve weak or stolen passwords.
In the article I wrote commemorating World Password Day last year, I went into great detail about the risks associated with weak passwords. Some of these risks include:
Cyberattacks, as well as hackers, are fast getting smarter. Outsmarting them requires much stronger passwords or getting out of the password paradox altogether.
Long, complex passwords might not be the easiest to create or remember, but they are essential for staying safe against the above attacks. Stronger passwords make these attempts much, much harder, creating an undefeatable fortress for your digital accounts.
However, keeping track of all your strong, complex passwords across different accounts can be daunting. This is where password managers come in handy. They generate, store, and autofill complex passwords for you. They come with several benefits:
Passwords have served us well for a long time, but in the face of evolving cyber threats, it’s time to accept that they are past their prime. This is where I will build a compelling case for why passwordless authentication is the future of data security.
When we use passwords, we rely on something we know to verify our identity. Passwordless authentication takes a different approach. It utilizes alternative methods to confirm you are who you say you are, often leveraging:
A few ways in which passwordless authentication can be achieved are:
We have also entered the era of secure and convenient login experiences through passkeys. Passkeys replace traditional passwords with strong, unique cryptographic key pairs stored securely on your devices.
Passkeys are resistant to brute-force attacks and phishing scams, as there’s no password to steal. They’re also highly convenient. Just a tap or a scan, and you’re in. Passkeys are still under development, but major tech companies like Google and Apple are actively involved in their creation and implementation.
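The key-pair login described above, as an added example (not code from this article or from any vendor): a simplified challenge-response model in Node.js, not the real WebAuthn message format. The origins and function names are constructed for illustration, and the origin check goes slightly beyond the text to show why a response obtained on a look-alike site is useless on the real one.

```javascript
// Simplified model of a passkey login; not the real WebAuthn message format.
const crypto = require('node:crypto');

// Registration: the device makes a key pair; only the public key reaches the server.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Server: a fresh random challenge per login attempt, so old responses cannot be replayed.
function newChallenge() {
  return crypto.randomBytes(32).toString('hex');
}

// Device: sign the challenge together with the origin the browser is actually on.
function signAssertion(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ challenge, origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, device.privateKey) };
}

// Server: verify the signature first, then the challenge and origin it covers.
function verifyAssertion(server, expectedChallenge, expectedOrigin, assertion) {
  if (!crypto.verify('sha256', assertion.clientData, server.publicKey, assertion.signature)) {
    return false;
  }
  const { challenge, origin } = JSON.parse(assertion.clientData.toString('utf8'));
  return challenge === expectedChallenge && origin === expectedOrigin;
}

function demo() {
  const ORIGIN = 'https://app.example';           // constructed
  const LOOKALIKE = 'https://app-example.test';   // constructed
  const { device, server } = registerPasskey();

  const c1 = newChallenge();
  const genuine = verifyAssertion(server, c1, ORIGIN, signAssertion(device, c1, ORIGIN));

  // Response produced on a look-alike site and relayed to the real one.
  const c2 = newChallenge();
  const relayed = verifyAssertion(server, c2, ORIGIN, signAssertion(device, c2, LOOKALIKE));

  // Captured old response presented against a new challenge.
  const c3 = newChallenge();
  const replayed = verifyAssertion(server, c3, ORIGIN, signAssertion(device, c1, ORIGIN));

  return { genuine, relayed, replayed };
}

console.log(demo());
```

The server in this model holds only a public key, so a breach of its database yields nothing that can be used to sign in.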
Passwordless authentication is rapidly gaining traction. It offers a more secure and user-friendly approach to securing our digital lives. As technology advances, we can expect even more robust and convenient passwordless solutions to emerge.
But what about now?
For now, going completely passwordless is not the ideal solution because passwordless authentication is not quite there yet. For example, a biometric login will work only if the scanner works. A malfunctioning scanner will lock you out of the system. Passkeys, since they are a new concept, only work on the latest operating systems. This will change, but it will surely take time.
Passwords must serve as the first layer of security instead of the only one. They should be enhanced with 2FA/MFA to give an added layer of security. For those of us who are more comfortable with passwords, password vaults offer a highly secure way of storing them.
No more cognitive dissonance between what needs to be done to secure your digital lives and what is actually being done. No more password fatigue. To stay ahead of evolving cyber threats, all you need to do is use the same advancements in technology to your advantage. Instead of settling for a security tug-of-war, you can win the war altogether.