In 2022, over 24 million passwords were exposed.
Are passwords becoming pointless? Even if you have one, it seems like every day there’s a new cyber attack on a business, leading to compromised details. And apparently, the average person has 80 passwords. But we find that so difficult to believe.
Another study found that 13% of people have the same password for everything, and 50% of employees will use the same passwords across business systems. Are we moving towards an era of web authentication (WebAuthn) and passwordless access?
Would you say the people with 80 passwords are safer than the people who use the same passwords? And what about the shifting cybersecurity landscape means passwords are becoming so vulnerable?
Read on to find out.
Are Passwords Pointless?
So, let’s get right to it. Are passwords pointless? No. Passwords will never be pointless—do you want all your accounts open and ready for anyone to access? No. The title is trying to make the point that passwords are as much of a defense as they used to be.
The answer to that question is no. But the issue might not be the password; it might be people attempting to hack an account using passwords.
Passwords have long been the first line of defense against unauthorized access to personal and business information. Still, even the most difficult combinations are exposed because cybercriminals have developed sophisticated techniques for cracking passwords that make Identity Threat Detection and Response (ITDR) tricky. You wouldn’t believe the technology they have that functions using mathematics and statistics.
The traditional password-only approach is becoming insufficient. Phishing, keylogging, and brute force attacks all expose passwords to theft.
Is There Such a Thing as a Safe Password?
To be blunt – no.
The concept of a ‘safe’ password is becoming increasingly elusive. A safe password should be lengthy, complex, and unique for every account. However, even the strongest passwords can be breached when handled poorly. When, for example, a password is kept in an unencrypted form or sent insecurely over channels, its strength doesn’t matter.
Human error plays a significant role in securing passwords. People typically choose easily memorable ones that attackers can guess easily. And password guessing help questions don’t help – they’ll ask you questions like ‘the name of your high school best friend.’
That is becoming less common, but so many websites still do this. It almost forces people to pick a password based on the question they’d have to remember the answer to if they forgot their password. And, despite numerous warnings against their use, common examples like 123456 or password123 still dominate.
Password managers solve this problem by generating strong, complex codes that they store securely. These tools also automatically insert such codes when required, reducing incidents of reusing codes. Still, even so, password managers are never foolproof.
What Changes to Cyber Security Are Making Passwords Almost Pointless?
Several developments in cybersecurity have raised questions about the relevance of passwords. The most significant change is the introduction of biometric authentication.
Biometric methods like fingerprint scanning, facial recognition, and voice authentication provide enhanced security because they are unique to a person and almost to copy. The biometric fingerprint is by far one of the safest ways of account protection at present because someone would have to be with your device and fingerprint to gain access.
Another development is the widespread adoption of MFA. MFA requires users to provide two or more verification factors to permit access to their accounts.
These include something that a user knows, such as a password, something a user has, such as a security token or mobile device, and something a user uses, for example, biometric data.
The only issue is that if you lose access to one of these factors – like if you change your phone number – it’s almost impossible to gain access.
How Hackers Hack Passwords
Do you know how hackers try to hack your passwords? Here are the most common methods:
- Phishing: Attackers employ deceptive emails or messages to trick users into revealing their passwords. Well – they’re not too deceptive – but 43% of phishing attacks are successful.
- Brute Force Attacks: The hackers use computers to try all combinations of characters until they find the correct password. This method takes time but can work against weak passwords.
- Keylogging: A user’s device may be infected with malware that captures keystrokes as a person types. That can include password entries. Keyloggers are elusive and can compromise several accounts at once.
- Credential Stuffing: Lists of leaked or breached passwords are used by attackers on other accounts. Since many people reuse the same password on different sites, this technique is very successful.
Tips on the Best Password Creation
If you couldn’t tell by now, you need a strong password. Here are our best tips:
- Use Long and Complex Passwords: A good password should have at least 12 characters, a mix of upper and lower-case letters, numbers, and special characters.
- Avoid Common Passwords: Avoid using easily guessable words such as password, 123456, or personal information like names or birthdays.
- Unique Passwords for Each Account: Never repeat your previous account’s password across multiple accounts.
- Password Managers: Try using a password manager that helps you generate strong passwords.
- Regular Updates: Periodically change your passwords to minimize long-term exposure. The recommendation is every three months, but the sooner, the better.
What do you think about whether passwords are becoming pointless? We wouldn’t say they’re becoming pointless – people just need to be more sensible with their password selection and management. Do you need to change your password?
Stay Ahead in Cybersecurity! Follow Us for the Latest News, Whitepapers, and Infographics on LinkedIn & X !