To Password or Not to Password: Can We Make Them Work, or Is It Time to Say Goodbye?

That is the question.

Since 1961, when an MIT computer science professor created the first digital password, passwords have remained our digital guardians, the first line of defense for our online accounts. It may be retirement time, no?

Security experts and everyday users alike are wrestling with this very question. Some advocate for a complete overhaul, a password revolution that ushers in a new era of online security.

Others believe that with some tweaks and adjustments, passwords can continue to serve us well.

Let’s look at some recent reports and statistics to better understand where passwords stand today and determine whether it’s time to say goodbye.

We’ll also consider the alternatives, the shiny new authentication methods that promise a more secure future.

By the end of this exploration, we might not have a definitive answer – to password or not to password – but we’ll be better equipped to navigate the ever-changing landscape of online security.

Recent Reports Unveil the Harsh Realities of the Password Landscape

With the release of passkeys and the increasing popularity of passwordless solutions, new reports that shine a light on the vulnerability of passwords seem to come out every day.

One such report, recently published by Kaspersky, used a smart brute-force guessing algorithm to check how secure passwords are against today’s technology. Unfortunately, the algorithm can crack most passwords in less time than you might imagine.

In fact, 59% of 193 million actual passwords were cracked in less than 60 minutes, and 45% were cracked in less than 60 seconds. This means that cybercriminals can easily steal accounts at scale when they’re only protected by passwords.

With that in mind, it’s no wonder that 46% of Americans admit to having their password stolen in 2023.

If you ask any business globally, they’d say that’s 100% too many incidents, and we agree. Especially when you take into consideration the effect that data breaches can have on businesses, both directly and indirectly.

90% of organizations experienced an identity-related incident in the past year, out of which 84% report a direct impact on business. Each of these incidents costs the businesses large sums of money, the type that can make or break companies.

In the eCommerce industry in the US specifically, 82% of merchants with international sales suffered cyber or data breaches last year.

In addition to direct costs, these companies said that they faced significant indirect costs. For 47% of them, these incidents resulted in both lost customers and revenue.

These “byproduct” costs are something we often talk about. Direct costs are one thing, but indirect costs caused by the damaged brand image can actually end up costing way more in the long term, especially now that cybersecurity awareness is growing among consumers.

So what do we do about passwords? Let’s explore!

Beyond Passwords: Exploring New Frontiers in Authentication

The quest for a more secure future might not necessarily mean abandoning passwords altogether.

New authentication methods, such as IPification, passkeys, or biometrics, offer promising alternatives. They’re all secure, yet offer a much better user experience than passwords.

You no longer have to remember a (hopefully) complicated password, and you can’t lose or forget it. Instead, you verify your identity using your fingerprint, your face, or your phone and network data.

Because passwords have to be remembered and are easy to forget, only 25% of users use solid and unique passwords. The other 75% tend to reuse their passwords across websites or create sloppy passwords so they remember them easily.

Keep in mind that machines also tend to be stricter with these things, so the human factor is significantly minimized. That is especially important against widespread fraud tactics such as phishing.

Now, while it would definitely be better to move to passwordless authentication, it’s not very likely to happen overnight. Instead, we’re betting on a slow phase-out of passwords.

In the meantime, it’s a layered approach that we should be striving towards.

To start with, enforcing stronger passwords is a must. Let’s educate the users on proper password hygiene first, and then enforce stricter rules to mitigate some of the risk.

While the world slowly moves towards passwordless solutions, let’s implement multi-factor authentication. Adding an extra layer of security on top of passwords can prevent account takeovers even when the password is stolen or otherwise compromised.

In that scenario, it becomes a question of which options you should integrate into your system.

Of course, it would be imperative to choose a secure solution that has a great user experience and high data privacy, the latter of which is a bit problematic for solutions like biometrics.

The simplest example of the problem: you can change your password once someone steals it, but the same can’t be said for your fingerprints.

On the other hand, this doesn’t pose a problem for solutions such as IPification.

The way it works is that IPification assigns a unique mobile ID key to each user, based on their phone number, device, and network data. IPification relies on the network to verify users, but the data that makes up the mobile ID key is never actually transferred over it.

The authentication process itself is seamless. All the user needs to do is input their phone number and tap once, after which they’re authenticated within milliseconds. It’s a trifecta of bank-grade security, a frictionless user experience, and maximum data privacy.

Not to mention that IPification also offers a number of other fraud prevention solutions, such as SIM Swap and Device Change Detection, and Know-Your-Customer solutions.

All that being said, it may not be the right solution for your app. So let’s talk about it: contact us here to schedule a free, no-commitment consultation.

And whatever you do, remember, the fight against cybercrime is a continuous battle. As technology evolves, so too must our security measures.
