Is the Era of Passwords Coming to an End? - Weekly Mobile ID Roundup #006

October 10, 2018
2 minutes read
Category: Mobile Identity
Author: IPification Team

Welcome back to the lastest and last edition of our Weekly Mobile Identity Roundup - this time it’s all about passwords! And after this post, we are transforming our roundups in a monthly topic. Expect the next one in early November.

California to Ban Weak Passwords

Choose your password wisely - creating generic passwords such as “admin” or “password” will become illegal in the state of California starting 2020. The default passwords are one of the reasons cyber attacks spread more quickly.

The new law demands from electronics manufacturers to improve their security features and provide their customers with a unique password, or a procedure that will require the user to create their own unique code. It is also noted that those who suffer harm when a company doesn’t comply with the law can sue for the damage.

Many cybersecurity experts believe that although it is a step forward, this will not solve the current security issues.

State of the Password

LastPass has analyzed the behavior of over 43,000 companies and created a report on the current state of password security in the workplace, to help people understand how their company ranks, and to serve as a motivation to make changes.

The average score is 52% - what LastPass considers to be good - which shows that businesses are still somewhere in the middle when it comes to password security. What is interesting in this report is that the bigger the company is - the lower the average security score is. It is also noted that there has been an increase in employees who install unahorized apps due to them being able to obtain admin rights (because admins used bad passwords).

One more unhealthy habit this report unveils is that people are sharing their passwords with others. The average employee shares 6 passwords with their co-workers, and they regularly reuse them across work and private domains, as well as various accounts.

A positive change that needs to be pointed out, is a sharp rise in multi-factor authentication, with over twenty percent increase compared to last year. When it comes to different industries and their password hygiene, tech companies scored higher than others.

Once business dedicated more effort into managing their means of authentication they experienced growth of 15% in the first year. If you are interested to learn more about the realities of today’s password security, make sure to read the whole report.

Time to “Nuke” the Passwords?

As the LastPass report has shown - an average employee shares 6 passwords with his co-workers, and alongside that, users openly admit they re-use passwords across different sites, just so they won’t have to bother with remembering all of the different passwords.

We all know how draining that can be. Almost everything today requires authorization, and sometimes it’s mandatory to include certain numbers, symbols, uppercase letters...

But this password-fatigue doesn’t come from the users alone, it has become more evident that passwords as a means of authentication are becoming more complex and less effective. Looking at 2016 to 2017 alone, the number of data breaches caused by weak or stolen passwords has experienced an increase from 63% to 81%.

People who talk about password ineffectiveness usually come to the conclusion that in order for an authentication to be safe - it needs to be more complex.

When the 2FA came into play, it seemed that since it increased the complexity, it will also increase the levels of security. Although it did to a certain extent, it is still not reaching a point where we can completely rely on it, even when combined with a password. On top of that - the user experience suffers which makes people go back to the old habits of using passwords.

Although passwords are deeply rooted in security practices of today, over 83% of IT decision makers predict that their organizations will soon become password-less. One of the innovations in this realm are methods that include authenticating user’s IP address - such as our seamless authentication technology.

Modern technologies are not only the safest options available, but they also save time, cost, and the user experience is beyond what we’ve been having until now. In order to be one step ahead of the cyber attacks, organizations must switch their authentication methods from obsolete ones to the modern ones.

Authentication should be in the shadows - much like the way credit card companies are dealing with fraud detection from the background!