As you’re signing into your Gmail with the same password you’re using on several other platforms, maybe it’s time to think about it a bit.
It’s probably a name, perhaps of your pet, or a family member, or even worse – your own name. However, you added some numbers at the end, just to make things tricky in case some hacky internet demon comes by. That should do the job.
Well … we have bad news.
To put it simply, using this type of password is like living in a very sketchy neighborhood and going to sleep with your door unlocked. Take a glance at this Microsoft post and see exactly why passwords don’t matter anymore. From brute force attacks to the old classics like phishing, there are plenty of ways hackers can gain access to your data. It might seem that a long and complex password could reduce the risk of getting hacked, but it is still vulnerable. In fact, it could be more of a challenge for you to memorize it than for the attacker to crack it.
We use more and more apps every day, make accounts on tens of different sites, and don’t really have time to make up a long and wacky password each time we sign up somewhere. If we do (which is still better than picking a short, common word or 12345), we’ll inevitably need a password manager – an app that keeps track of all of our login details and stores them in one place, an online safe-deposit box. This safe-deposit box is protected by one master password. While it represents a significantly safer option than reusing passwords, it still has flaws: first, what if the master password is breached?
If someone gets hold of your master password, they have access to all of your passwords, no matter how secure they are. Keep in mind that hacking techniques and software are evolving, so the future will most likely bring new challenges for the security of password managers and new risks of password leaks. Another problem is the price: while most password managers are free, certain features require a paid subscription. Some of these features, like cloud storage, can provide really important benefits.
Choosing good passwords, increasing the IT security budget, pros and cons of password managers – all of this is just a very costly distraction from an inevitable conclusion: passwords need retirement!
By this, we don’t suggest getting rid of all kinds of protection methods. Going passwordless means being able to verify your identity with mechanisms that are more secure than typing in and remembering a bunch of passwords. According to Gartner, by 2022, 60% of large and global enterprises, and 90% of midsize enterprises, will implement passwordless methods in more than 50% of use cases. A common way of going passwordless is biometric authentication. For example, to sign in securely with Windows Hello, you just need to show your face or provide your fingerprint.
There are plenty of reasons why tech giants like Microsoft strongly advocate going passwordless: it drastically reduces the cost of IT support, there is far less pressure on IT help desks (no people waiting for assistance with password-related issues such as resets), it’s far more convenient for a regular user (no need to remember any password), and finally, it eliminates the risks of cyberattacks such as phishing, keyloggers and credential stuffing.
Eliminating passwords will soon be a common thing in our online life. We make more and more accounts and manage most of our business online, and more passwords mean more costs and headaches for companies’ IT security support. Verizon’s 2020 Data Breach Investigations Report (DBIR) shows some alarming data: more than 80% of hacking breaches involve brute force or the use of lost or stolen passwords. So, leave passwords where they belong and get ready for the passwordless revolution!