Did you know that every year, on the first Thursday of May, World Password Day is celebrated to encourage good password habits? Just like every other important day in cybersecurity, World Password Day is meant to spread awareness among internet users of the importance of password security. And why not? In this digitally advanced world, almost everything is available and operated online.
From online shopping to banking and private work, we are madly dependent on the internet! And passwords are the one security shield that keeps us out of the reach of hackers and threat actors. But as our dependency on the internet increases, these opportunistic cybercriminals have advanced in launching cyberattacks too. In fact, stealing passwords and breaching data is so common now that it seems to have become a cakewalk for cybercriminals.
Today, in this global pandemic situation, with everything moving completely online, password security in organizations is much more at stake. Six months into the pandemic, we have already faced the worst cyberattacks in history, back-to-back. To top it all, the new normal of en masse remote working and employees using their personal devices for work has become a security nightmare for organizations across the globe.
In fact, the recent Cognizant ransomware attack is alarming in itself, as a huge chunk of the company’s personal information, including credit cards, was compromised. The IT major is now facing a loss of $50–70 million in its revenues in the present quarter, as per reports.
Passwords and Humans: The Weakest Links in Cybersecurity Today
It is a universal truth that passwords and humans are the two major sources of cybersecurity vulnerabilities. While organizations have been following the legacy of passwords for many years, human errors like password reuse, weak passwords, and poor password management put the security of confidential information at risk. No matter how many years we celebrate World Password Day, basic password habits still remain the subject of concern.
Here are some staggering statistics that are making cybersecurity experts rethink switching from passwords to better alternative security practices:
- According to a recent survey by Google, around 65% of internet users reuse passwords across multiple online platforms.
- Microsoft recently announced that 44 million accounts were found vulnerable due to compromised or stolen passwords.
- 73% of internet users duplicate their passwords in their personal as well as work accounts.
- As per the Verizon Data Breach Investigations Report, 81% of hacking-related breaches happen due to compromised passwords.
- 54% of SMBs do not check up on the password practices of their employees.
- Around 61% of employees are more likely to share their work passwords than personal passwords. (source: Kratikal)
This lax human behavior, together with the vulnerabilities caused by passwords, empowers cybercriminals to launch dangerous cyberattacks. Organizations cannot rely solely on people to change their password habits. In the same manner, it is untenable for them to continue allowing the usage of exposed user credentials.
As per the World Economic Forum (WEF), cybercrime is set to cost $2.9 million every minute in 2020, and passwords are responsible for 80% of these cyberattacks. Moreover, it stated that knowledge-based authentication like PINs, passwords, etc., is costly to maintain and a headache for users. It is high time for organizations to get rid of passwords and get ready for a password-less future.
But after years of using passwords, are we really ready for it? Here are some pros and cons of adopting a password-less strategy in the future:
The Pros of Password-less Strategy
- Boost in Security: Passwords are the most vulnerable entry point for cyberattacks, and humans, being the other weakest link in security, are indirectly responsible for the same. Therefore, taking this responsibility out of their hands is a better way to keep cyber threats at bay. Plus, using password-less practices for authentication will reduce the risk of credential theft.
- Digital Transformation: Currently the world is rapidly changing, adopting new digital innovations and transformation to get businesses back on track amid the pandemic. A password-less strategy will be a key digital enabler here. It will make mobility highly seamless, reducing user friction and thereby improving the user experience.
- Better Visibility: For IT administrators and their teams, password-less email authentication would deliver greater control over user identity and access management. In simpler terms, they can easily detect and prevent suspicious logins before they turn into major cyberattacks.
The Cons of Password-less Strategy
- Risk of Uncertainty: No matter how tempting adopting new strategies sounds, switching to completely new security standards and risking massive amounts of confidential data is a big deal. Replacing legacy passwords with new password-less security is not only a risky business but also a deep pit of unpredicted exploitable vulnerabilities.
- Potentially Increased Cost: Even though password-less authentication offers cost savings over the long run, organizations will eventually have to face expensive deployment and training. Given the current state of security in every organization due to the pandemic, the smart step would be to give employees security awareness training rather than deploy a new technology that would take everything back to square one and disturb the cyber resilience of the organization.
- Evolving Cyberattacks: We cannot ignore the rapidly evolving cyberattacks that have been launched ever since the lockdown. Moreover, since most employees are working from home now, going password-less is a high-risk step. On top of that, cybercriminals have become ruthless and are one step ahead in launching cyberattacks. Organizations must primarily focus on practicing preventive cybersecurity measures, just as stated in the recent CERT-In advisory.
Conclusion
After decades of relying on legacy passwords, we are close to achieving robust password practices. Although remembering and managing passwords is stressful, we still rely on them. On the other hand, no matter how much we try to stick to the old habit, the password-less future has many amazing solutions in store on the horizon.
Until the results of user experience prove its effectiveness, it would probably be unreasonable to predict how password-less the future is going to be, or whether we are ready to adopt the change yet.