Passwords set to become obsolete as companies take security out of our hands

As stolen passwords are the reason behind most hacks, is now the time to wave goodbye?

Of the billions of data hacks in 2018 a huge 81% were down to stolen or leaked passwords. Why? Because while technology is becoming more advanced, our ability to create effective passwords and therefore protect our data and money online is not progressing anywhere near as fast.

'123456'

In 2018, the average cost to a company for a data breach was $3.92 million (£3.39m), while the average cost per individual record was $141 (£122), according to IBM research, and yet the most common password remains the faithful stalwart ‘123456’.

In fact, analysis by the UK National Cyber Security Centre in April 2019 found that a staggering 23.2 million victims worldwide had used the simple numerical combination and come undone.

Other easily hacked passwords included the name ‘ashley’, band ‘blink182’, and Premier League football team ‘liverpool’. The classic ‘password’ had seen 3.6 million breaches.

Killing off passwords

It seems we can’t be trusted to protect ourselves online, and several tech companies are taking action to get rid of passwords altogether. After three years of talks The FIDO Alliance launched in 2012, which is an initiative by PayPal, Lenovo, Validity Sensors, Nok Nok Labs, Infineon and Agnitio to kill off the password.  

Google joined in 2013, and two years later announced its intention to remove passwords entirely from Android phones to rely on something far more personal: biometric indicators such as facial recognition and fingerprints.

Biometric indicators such as facial recognition and fingerprints are set to replace the password. Image: ShutterstockFour years later, and passwords are still present on Android phone applications, but in August 2019 Google announced that Android users will be able to log into certain web services through Chrome with just their fingerprint.

Google isn’t the only one starting to do away with the humble password. In late 2018 using FIDO technology Microsoft created Windows Hello, a biometric log-in system for the Microsoft Edge browser, so that users could log into Microsoft products such as Outlook and Skype without using a password.

It makes sense: most of us have been using a touch entry to our iPhones since 2013, and modern-day passports have chips that enable you to be identified by facial biometric authentication as another level of security. But this is the first time that fingerprints will be able to unlock accounts in a web browser, without any password at all.

How to protect your accounts

Despite these developments it’s not quite there yet. The fingerprint unlocking only works for certain, selected programmes, and it will be years before biometrics replace every instance of a password. 

With the average person having 200 internet accounts that need passwords, according to research by ESET, it’s not surprising we try to keep things simple and memorable. In fact, despite 91% of people knowing they shouldn’t use the same password for multiple accounts, 59% still do, at both home and at work.

So in the meantime the advice from experts is to use a password manager such as 1Password or LastPass, where a system creates complex, unique passwords for you, and you don’t even have to remember them. This doesn’t ensure complete protection – at work someone else’s weak password could put the whole database at risk – but it’s the best way to protect yourself.

If you’re worried you might have been hacked for your basic password, check your email and passwords at haveibeenpwned.com, a site set up by Microsoft regional director Troy Hunt to index email addresses and passwords that have been seen in breaches.

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.