Why the Password Is Not Dead

In recent years, a persistent narrative in the cybersecurity space has held that the password is dead, or at least dying. Major players in the tech industry have been introducing alternative forms of authentication for many years. It has been almost a decade since Apple introduced Touch ID, which was followed by Face ID in 2017. Only last year, Microsoft announced that it was allowing people to ditch their passwords for fingerprints and facial recognition.

Passwords are often identified as the weak link in cybersecurity, with password security issues accounting for 80% of all data breaches globally, according to Verizon’s 2022 Data Breach Investigations Report. However, much of this weakness can be attributed to human failure to practice good password hygiene. Password security really does rely on the basics. Most people will be aware of best practices, such as creating a unique password for each account they have, and yet, according to our research, 44% of respondents admitted to reusing passwords across personal and work-related accounts.

How do we resolve this? Educating people on how to practice good cyber-hygiene is a simple yet effective way to prevent the dramatic consequences of an attack and reduce the likelihood of one occurring in the first place. Education about the importance of strong password security must become an essential component of digital security policies for businesses worldwide.

Many businesses have data security training in place for their employees, but it rarely gives enough clarity on the disastrous impact of a data breach. Investment in better training may seem unnecessary, but cybersecurity and password education are necessary. Businesses need to increase their workforce’s awareness of the dangers of poor password hygiene and its potential consequences. The risk of a cybersecurity breach will be significantly reduced by making cybersecurity training a formal onboarding step for all existing employees and new starters.

Over the past couple of years, businesses have had to contend with a range of cyber-threats while under the strain of new hybrid working conditions, which have forced IT leaders to adapt security policies at a moment’s notice. Unfortunately, the pandemic revealed an ill-preparedness in the face of cyber-attacks across the globe, in businesses of all sizes, and provided unique opportunities for cyber-criminals to take advantage.

In the age of disparate workforces, home WiFi networks and multiple devices, password use has continued to increase. Many organizations have implemented additional levels of security to supplement the password, though it remains the core pillar of security systems – highlighting that perhaps the role of the password is not dead yet. As the number of passwords people use increases, the need for an effective password manager becomes more obvious. This is highlighted further by the growing rates of burnout amongst cybersecurity teams.

Looking ahead to the next few years, the future of identification and authentication lies in zero-trust and zero-knowledge architecture, which ensures that the company developing the software cannot access or decrypt the user’s data stored within. We have also seen considerable growth in the use of multi-factor authentication (MFA), which is extremely effective in preventing breaches and should be treated as a required step in strengthening any business’s security posture. Alongside implementing a password manager that creates high-strength, random passwords, enabling security features such as MFA is a simple yet powerful step that businesses can take to improve their cybersecurity significantly. However, even as MFA grows in popularity, it does not necessarily mark the beginning of the end of the humble password.

A popular response to questions about the future of passwords is that they will become obsolete. This is a myth. The password is not on the verge of extinction. If anything, the use of passwords is increasing along with the world’s rapid transition towards software use and cloud-based approaches. All of these require passwords; encryption keys cannot be generated without a standalone password. Even biometric security relies heavily on encryption keys.

It is highly likely that we will continue to see new technologies come to the fore in security management – such as increased use of artificial intelligence and biometrics. Though new methods of authentication will be implemented, the role of the password will remain well into the future. There is no doubt that no matter how much we innovate in the upcoming years, passwords are here to stay as the core of personal digital security.