Open Sesame: It’s Not As Reliable As You Think

We all have them. We use them in almost every single part of our daily lives from day to night.  We have become reliant on them to secure our data but experts say passwords are not as safe as we think.

When signing up for websites, users are asked to come up with a password and usually, it is something that they can easily remember. Commonly, these chosen passwords are weak and can be easily guessed, making them vulnerable to threats. It is reported that 43% of US adults have shared their passwords with a partner or family member and 51% of people use the same password for work and personal accounts. This shows how people can be reckless when it comes to their information, oblivious to the dangers lurking in the web. However, it is true that some users use stronger passwords but in this day and age where technology and knowledge is progressing rapidly, password-cracking tools and social engineering have advanced as well. These tools and method are able to easily break into accounts and steal sensitive data, potentially leading to identity theft or loss of funds.

One might think that changing passwords regularly is a sure way to get rid of those hackers but unfortunately, it does not do much. Majority of people who do usually make small and predictable changes to their existing password. In 2019, Microsoft announced that they will be removing the password-expiration policies. They stated that “Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value.”

It is said that majority of data breaches are caused by human error and with the data presented above, it is easy to understand why. Users lack the education on cyberattacks and the damage that they can potentially inflict. Bill Gates, co-founder of Microsoft, was quoted in 2004 in a RSA Security conference saying “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems… they just don’t meet the challenge for anything you really want to secure.” There is truth in what Gates has illustrated. Just this month, Cybernews reported that over 8 billion password entries was posted on a popular hacker forum. This compilation, labeled as “RockYou2021”, was a combination of previous leaks and breaches. Considering that there are 4.7 billion people online, is it alarming to know that this compilation holds almost double that amount, potentially affecting majority of users in the world.

What does this all mean for passwords? Should we get rid of them? The simple answer is no. Corporate networks rely on password authentication protocols and numerous systems are built on password-only authentication. It will be impractical to modify and change all these protocols that have been implemented and practiced for years but we are able to add another layer of protection to them. Biometrics and Multi-Factor Authentication (MFA) are just two solutions that companies can take into consideration.

Biometric authentication uses a person’s physical or behavioral traits to give access to a network, device or data. These identifiers range from finger prints, facial features to physical movements. A popular example is  Apple’s Touch ID and Face ID. However, there are cons to this method. It suffers from accuracy issues and can be rather expensive. Multi-Factor Authentication on the other hand is a security method that requires multiple verifications to gain access to data or network. The goal of this method is to add a layered defense to make it difficult for hackers to access, requiring two or more verification methods like passwords, PIN codes, and one-time passwords (OTPs). It is said that MFA reduces the risk of breaches by 99.9% over password alone but it can also be seen as inconvenient for some. This method requires the implementation of software agents and proxies on the protected system and must constantly be updated to keep the hackers at bay.

There is no doubt that cyberattacks will continue on but adding another layer to your network greatly reduces the likelihood of breaches. Password-based authentication is no longer reliable, especially in the world today, but fortunately, companies are now able to keep up with increasing threat. An example of this is Silverfort.

Silverfort is a leading cyber security company that applies a MFA to your network. They are the first company to offer the first agentless, proxy-less authentication platform. Their solution seamlessly adds another layer to the system while continuously monitoring all human and machine access requests in all systems while analyzing risk and trust levels in real-time. Silverfort’s platform gives you the security and protection that you need.

——

References:

Tamir, Dana. “Passwords: Can’t Rely On Them, Can’t Live Without Them.” Silverfort, 1 July 2020, www.silverfort.com/blog/passwords-cant-rely-on-them-cant-live-without-them/.

Bickerstaffe, Emma. “Security Think Tank: Passwords Alone Are Not Good Enough.” ComputerWeekly.com, ComputerWeekly.com, 9 July 2018, www.computerweekly.com/opinion/Security-Think-Tank-Passwords-alone-are-not-good-enough.

Vojinovic, Ivana, et al. “Save Your Data with Empowering Password Statistics.” DataProt, 12 May 2021, dataprot.net/statistics/password-statistics/.

Rafaeli, Raz. “Passwords Are Scarily Insecure. Here Are a Few Safer Alternatives.” Entrepreneur, Entrepreneur, 7 Mar. 2018, www.entrepreneur.com/article/309054.

Korolov, Maria. “What Is Biometrics? 10 Physical and Behavioral Identifiers.” CSO Online, CSO, 12 Feb. 2019, www.csoonline.com/article/3339565/what-is-biometrics-and-why-collecting-biometric-data-is-risky.html?page=2.

Mikalauskas, Edvardas. “RockYou2021: Largest Password Compilation of All Time Leaked Online with 8.4 Billion Entries.” CyberNews, 11 June 2021, cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked/.

 

 

 

Previous

Next