Can you imagine a future in which we can be safe online without having to remember an unwieldy list of passwords? Solutions are evolving that could make passwords unnecessary, but there will be other security issues to resolve. Passwords are one of the pillars of security, and specifically of authentication. Used by Roman guards during the night shift, they remain one of the cornerstones of online security.
Although the technological landscape has changed considerably since the days of gladiator games, the rules for using passwords have hardly changed, apart from a few recommendations on their complexity. To embrace the fourth Industrial Revolution, it is time to render unto Caesar the things that are Caesar's and to implement authentication solutions worthy of the era.
More passwords, less safety
The explosion of online services has led to a drastic rise in the number of professional and personal accounts: some 191 on average, according to a study conducted in 2017. As a result, reusing passwords from one account to another, or creating passwords that follow an easily guessed pattern, are among the bad practices.
So, how can IT managers properly secure access to a corporate network when half of the employees authenticate with the same password that they use to log in to their Gmail and Amazon accounts?
It is a difficult question, and offloading the responsibility onto users by enacting increasingly heterogeneous and complex password rules does not help. In 2016, among all the compromised passwords, "123456" was used by nearly one in five victims.
And even when we, the users, respect the rules, the companies handling our data may not, and they themselves are exposed to vulnerabilities in technologies they do not control.
In response to the explosion in the number of credentials, some organizations started providing proxy authentication services and password safes, but these create points of failure.
Safes are software, and as such, they can have vulnerabilities too. Cracking the master password of the safe grants access to all the saved credentials. As for proxy authentication services, the recent data breach affecting Facebook is an example of the consequences of such practices.
It is estimated that during the first six months of 2018, over 4.5 billion pieces of personal data were leaked, about 300 per second.
In this context, is it possible to authenticate safely? Can passwords be fixed?
To sum up, on the one hand, users have many passwords to manage, while on the other hand, passwords leak from datacentres on a regular basis.
On the user's side, targeted awareness campaigns do improve password hygiene. Password safes also provide an initial response by making it possible to create complex passwords, though they depend on a master password. In addition, the worldwide impact of awareness campaigns remains limited, while password safes are far from popular among non-professionals.
To avoid the danger of interception or password leaks, one solution is to perform authentication on the user's side. Fast Identity Online (FIDO) is an alliance of companies united around this idea; today, over 1.5 billion users can authenticate without a password ever leaving the computer. A physical device owned by the user handles the authentication procedure and attests to compatible online services that the user is indeed who they claim to be.
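The device-side authentication described above can be sketched as a challenge-response exchange with a key pair. This is an added example, not code from the FIDO Alliance or from this article; it is simplified and does not use the real WebAuthn message format, and the class names, the `demo` function, the user `alice` and the origin `https://shop.example` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// Stands in for the user's physical device: private keys never leave it.
class Authenticator {
  #keys = new Map(); // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.#keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'der' }); // only this is sent
  }
  sign(origin, challenge) {
    const key = this.#keys.get(origin);
    if (!key) throw new Error(`no credential for ${origin}`);
    // The origin is bound into the signed data so a signature is site-specific.
    return crypto.sign(null, Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

// Stands in for the online service: it stores public keys only, never a secret.
class RelyingParty {
  publicKeys = new Map(); // user -> public key
  pending = new Map();    // user -> outstanding challenge
  constructor(origin) { this.origin = origin; }
  enroll(user, spkiDer) {
    this.publicKeys.set(user, crypto.createPublicKey({ key: spkiDer, format: 'der', type: 'spki' }));
  }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32); // fresh per login attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const key = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is accepted once only
    if (!challenge || !key) return false;
    const signed = Buffer.concat([Buffer.from(this.origin), challenge]);
    return crypto.verify(null, signed, key, signature);
  }
}
function demo() {
  const device = new Authenticator();
  const site = new RelyingParty('https://shop.example'); // constructed origin
  site.enroll('alice', device.register(site.origin));
  const signature = device.sign(site.origin, site.newChallenge('alice'));
  const login = site.verify('alice', signature);  // genuine login
  site.newChallenge('alice');
  const replay = site.verify('alice', signature); // intercepted signature reused
  return { login, replay };
}
```

The genuine login verifies, while the same signature replayed against a new challenge is rejected, and the service's database holds nothing an attacker could use to log in.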
FIDO provides a solution that eliminates the need to remember every password. However, most implementations work with a PIN. And, as with credit cards, a PIN can be stolen, even if the portability is low. Can we envision a future in which we authenticate without having to remember anything? Is it possible for us to live without passwords?