Still using passwords? You’re at risk
Another day, another new account. Another username and password to manage. While technology evolves at a rapid pace, many organisations still rely on a method of authentication that is becoming a relic: the password. Much like the floppy disk, the password's time has passed, yet it remains a common feature of our digital lives.
Are Passwords a Thing of the Past?
This reliance on outdated security poses a significant threat to both personal and organisational security and privacy. From social media profiles to confidential photos and financial information, passwords are the fragile keys to our digital kingdoms. The mistake is to assume a data breach is something that happens to others; in reality, it is a constant and pressing threat.
Let's examine the facts.
The Human Element: Common Password Pitfalls
Even the most well-intentioned password policies are undermined by human behaviour. The fundamental flaw of passwords is that they place the burden of security on the user, leading to several predictable and dangerous habits.
- Password Reuse: It is common practice for users to reuse the same login credentials across multiple services. While convenient, this creates a single point of failure. If one account is compromised, every other account using those same credentials is at risk: attackers take leaked username and password lists and replay them against other services in bulk (credential stuffing), and any match logs them in.
- Password Stagnation: A stolen password stays valid until it is changed, and a breach that goes unnoticed for months gives malicious actors a correspondingly wide window to use it. The remedy is to change a password as soon as there is evidence of compromise, not to rotate it on a calendar; forced periodic changes mostly produce predictable variants of the old password (current guidance such as NIST SP 800-63B advises against them).
- Weak and Predictable Passwords: People tend to choose passwords that are easy to remember, such as a pet's name or a significant date. This makes them predictable. Every year, security reports list the most common passwords (like '123456' or 'password'), and they are always the first that attackers will try.
- Insecure Networks: Using public Wi-Fi in places like cafes or airports can expose your credentials. On an unencrypted network anyone nearby can observe traffic, and although HTTPS protects the password itself in transit, a rogue access point or a captive portal that imitates a login page can still collect usernames and passwords from users who do not notice the difference.
Why 'Strong' Passwords Are a Weak Defence
For years, the standard advice has been to create 'strong' passwords by following a set of composition rules: a mix of uppercase and lowercase letters, numbers, and special characters. However, this approach is fundamentally flawed, and current guidance (NIST SP 800-63B) no longer recommends such rules.
These requirements are a burden to users, who often find creative but insecure ways to comply: capitalising the first letter, appending '1' or '!', substituting '@' for 'a', or writing the result on a sticky note. In effect, attempts to enforce stronger passwords can inadvertently lead to weaker security. Furthermore, password-cracking tools model exactly these habits. They take dictionary words and apply the same mangling rules people use, so a password that satisfies every complexity rule but is built from a word and a suffix falls in a fraction of the time its appearance suggests. Only a long, genuinely random password protected by a slow, salted hash stays out of reach, and that is precisely the kind of password people cannot remember.
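To make this concrete, the following is an added example (not code from the original article or from any vendor mentioned in it) in Go. It takes a small constructed wordlist and applies a handful of the mangling rules people use to satisfy a composition policy, then checks the resulting guesses against a constructed, leaked-style table of password hashes. The policy function, the hash store, the user names, the word list and the plaintexts are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"unicode"
)

// meetsPolicy implements the classic composition rule: at least 8 characters
// with an uppercase letter, a lowercase letter, a digit and a special character.
func meetsPolicy(pw string) bool {
	if len(pw) < 8 {
		return false
	}
	var upper, lower, digit, special bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		default:
			special = true
		}
	}
	return upper && lower && digit && special
}

// hashPassword stands in for a site's stored hash. Unsalted SHA-256 keeps the
// example self-contained; a real store must use a slow, salted KDF (bcrypt,
// scrypt, Argon2), which raises the cost per guess but does not change which
// guesses succeed first.
func hashPassword(pw string) string {
	sum := sha256.Sum256([]byte(pw))
	return hex.EncodeToString(sum[:])
}

func capitalise(w string) string {
	if w == "" {
		return w
	}
	return strings.ToUpper(w[:1]) + w[1:]
}

// leet applies the substitutions users make to satisfy a "special character"
// or "digit" rule without having to remember anything new.
func leet(w string) string {
	return strings.NewReplacer("a", "@", "e", "3", "i", "1", "o", "0", "s", "$").Replace(w)
}

// candidates expands each base word with a few mangling rules. Real cracking
// rule sets contain thousands of rules; these few already model a large share
// of policy-compliant human passwords.
func candidates(words []string) []string {
	suffixes := []string{"1", "123", "2024", "!", "1!", "123!", "2024!"}
	var out []string
	for _, w := range words {
		for _, base := range []string{w, capitalise(w), leet(w), capitalise(leet(w))} {
			for _, s := range suffixes {
				out = append(out, base+s)
			}
		}
	}
	return out
}

// Crack tries every candidate against a user->hash table and returns the
// recovered user->plaintext pairs plus the number of guesses spent.
func Crack(store map[string]string, words []string) (map[string]string, int) {
	byHash := make(map[string]string, len(store))
	for user, h := range store {
		byHash[h] = user
	}
	recovered := make(map[string]string)
	guesses := 0
	for _, guess := range candidates(words) {
		guesses++
		if user, ok := byHash[hashPassword(guess)]; ok {
			recovered[user] = guess
		}
	}
	return recovered, guesses
}

// Constructed sample data: two policy-compliant "human" passwords and one
// policy-compliant random password. All three pass meetsPolicy.
var LeakedStore = map[string]string{
	"alice": hashPassword("Summer2024!"),
	"bob":   hashPassword("P@$$w0rd1!"),
	"carol": hashPassword("Vq7#rLp2$mWx9!Tk"),
}

var Wordlist = []string{"password", "summer", "welcome", "dragon", "monkey"}

func main() {
	recovered, guesses := Crack(LeakedStore, Wordlist)
	fmt.Printf("%d guesses, recovered: %v\n", guesses, recovered)
}
```

All three sample passwords satisfy the policy, yet 140 guesses recover the two built from a word and a suffix, while the random one is untouched. The complexity rule did not separate the strong from the weak; the way the password was chosen did.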
A Better Way: The Rise of Modern Authentication
Research indicates a growing distrust in traditional username and password systems. Many users would abandon a service entirely if their data were stolen or their account compromised. While there is an appetite for more secure alternatives, there is also a perception that they will be more complicated to use.
Fortunately, this is no longer the case. Modern solutions such as Mobile ID and Smart-ID offer a combination of superior security and a simplified user experience. Logging in takes less time than typing a username and password, often requiring just a simple 4-digit PIN on a trusted device.
You might ask how a simple PIN can be more secure than a long password. The security lies in the underlying technology:
- Device-Centric Security: These solutions are tied to your specific smart device, because the private key that proves your identity is created on that device and is never sent to the service you log in to. To even attempt to access your account, a thief would first need physical possession of your phone; a password-style leak from the service gives them nothing to use.
- Layered Protection: Access is further protected by the device's own lock code and then the application's PIN.
- Attempt Limits: After a few incorrect PIN attempts, the service is automatically blocked, preventing brute-force attacks. Re-activating it requires a secure, in-person identity verification process.
- Advanced Cryptography: At their core, these methods are built on Public Key Infrastructure (PKI), a far more robust technological foundation than a shared secret. The service sends a fresh random challenge, the device signs it with the private key that the PIN unlocks, and the service checks the digital signature against the certificate it holds for you. Each login or transaction therefore carries a unique signature that cannot be replayed, and the service only ever stores public material.
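The four points above describe one procedure, so here is a single added example (written for this page, not code from Mobile ID, Smart-ID or any vendor) that models it end to end in Go: a device holding a PIN-gated Ed25519 key, a service that stores only the public key, a challenge-response login, a replay check, and a block after three wrong PINs. The key type, the PIN handling, the three-attempt limit, the context prefix and the user name are simplifying assumptions; the real products keep the key in a secure element or split it with a server, but the shape of the exchange is the same.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const MaxPinAttempts = 3 // assumed limit

var (
	ErrWrongPin = errors.New("wrong PIN")
	ErrBlocked  = errors.New("device blocked: re-registration required")
)

// Device models the user's phone. The private key is generated here and never
// leaves the struct; a PIN gates every use of it.
type Device struct {
	priv     ed25519.PrivateKey
	pinHash  [32]byte
	failures int
	blocked  bool
}

func NewDevice(pin string) (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv, pinHash: sha256.Sum256([]byte(pin))}, pub, nil
}

// loginMessage binds the signature to its purpose, so a signature produced for
// a login cannot be presented as anything else.
func loginMessage(challenge []byte) []byte {
	return append([]byte("login-challenge:"), challenge...)
}

// Sign checks the PIN and signs the challenge. The attempt counter is what
// makes a short PIN acceptable against online guessing; protecting the PIN
// hash from offline attack is the job of the secure element or server share,
// which this model leaves out.
func (d *Device) Sign(pin string, challenge []byte) ([]byte, error) {
	if d.blocked {
		return nil, ErrBlocked
	}
	h := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(h[:], d.pinHash[:]) != 1 {
		d.failures++
		if d.failures >= MaxPinAttempts {
			d.blocked = true
			return nil, ErrBlocked
		}
		return nil, ErrWrongPin
	}
	d.failures = 0
	return ed25519.Sign(d.priv, loginMessage(challenge)), nil
}

// Service is the relying party. Its user table holds public keys only, so a
// breach of it yields nothing an attacker can replay or crack.
type Service struct {
	users      map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewService() *Service {
	return &Service{users: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

func (s *Service) Enroll(user string, pub ed25519.PublicKey) { s.users[user] = pub }

// Challenge issues a fresh random nonce for a single login attempt.
func (s *Service) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[user] = c
	return c, nil
}

// Verify accepts a signature only over the outstanding challenge and then
// discards that challenge, so a captured signature cannot be replayed.
func (s *Service) Verify(user string, challenge, sig []byte) bool {
	pub, known := s.users[user]
	expected, issued := s.challenges[user]
	if !known || !issued || !bytes.Equal(expected, challenge) {
		return false
	}
	delete(s.challenges, user)
	return ed25519.Verify(pub, loginMessage(challenge), sig)
}

// Login runs the whole exchange: challenge, PIN-gated signature, verification.
func Login(svc *Service, dev *Device, user, pin string) (bool, error) {
	c, err := svc.Challenge(user)
	if err != nil {
		return false, err
	}
	sig, err := dev.Sign(pin, c)
	if err != nil {
		return false, err
	}
	return svc.Verify(user, c, sig), nil
}

// AttackerSign is the best someone holding only the service's public-key
// table can do: sign with a key of their own, which Verify rejects.
func AttackerSign(challenge []byte) []byte {
	_, priv, _ := ed25519.GenerateKey(nil)
	return ed25519.Sign(priv, loginMessage(challenge))
}

func main() {
	dev, pub, err := NewDevice("4821") // constructed PIN
	if err != nil {
		panic(err)
	}
	svc := NewService()
	svc.Enroll("alice", pub)
	ok, err := Login(svc, dev, "alice", "4821")
	fmt.Println("correct PIN:", ok, err)
	_, err = Login(svc, dev, "alice", "0000")
	fmt.Println("wrong PIN:", err)
}
```

Note what the service never sees: the PIN, the private key, or anything that would let it (or whoever steals its database) log in as the user. That is the property a password-based login cannot offer, since the password must be sent to the service every time.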
Therefore, when a service provider offers you the opportunity to register or log in with a modern authentication method, you should take it. The next time you see a headline about a major data breach, you can have confidence that whatever was taken from that service contains no password of yours to replay: the only secret that can log you in stays on your device.