Why Do We Still Need Passwords?

November 26, 2020

Forgetting and resetting passwords is all too relatable. We all know someone who writes their passwords in the notepad next to their computer (or worse, actually in Notepad on their computer). Or who uses the exact same password for everything. They’re probably the same person who has their bank account emptied after falling for a phishing email from their “bank” asking them to send their login details. Systems ask people to reset our passwords periodically, so everyone is coming up with complex variants of previous passwords to check the uppercase-lowercase-special-character criteriaAccording to Ponemon Institute, 57% of internet users would prefer a passwordless method of protecting their identity in the future. So, businesses are seeking the best way to balance their security with an easy-to-use computer login system and questioning the need for passwords at all. 

Stop changing your password

A study has shown that frequent password changes are less secure than having a hard-to-guess password to begin with. Why? Because even when you think you’re being imaginative with this one, you’ve only really added a few numbers, an uppercase letter or exclamation markmaking it less memorable for you and having minimal impact on how easily a machine can guess it. One tip: the longer your password, the less hackable. A short but complex password has fewer random combinations to guess than a longer oneThis still leaves a lot of room for forgetfulness though, especially if you’re quite-rightly using a unique password for each system or application. Luckily, there are secure password storage tools that enable you to generate random passwords and keep them backed up on a hard drive, such as KeePass 

Face recognition with a mask on…?

Ipasswordless authentication exists, what are companies messing about at with all these passwords? Passwordless authentication might involve using your phone to receive a code via text, or your fingerprint or face recognition. The trouble is that some industry jobs aren’t set up for biometric authentication. For example, a fingerprint reader or face recognition for doctors and nurses to log into different computers is inconvenient when all the staff are wearing surgical gloves and masks. Or if one of your employees doesn’t have a smartphone with a fingerprint readerbiometric identities don’t seem so effortless when they can’t be applied across the whole company system. 

You don’t need to remember a thumbprint

For a lot of businesses, though, it’s a no-brainer. Seamless user experience and increased security all for the cost of one thin layer of technology is a dream come true in the business and data world. Ditching passwords eliminates the spike in password reset costs that follows the holiday period when everyone comes back to work and realises that the combination of uppercase, lowercase and special characters they used wasn’t memorable at allIt also saves time for the poor IT helpdesk guys who can’t get on with other jobs because of all password issuesAnd it avoids sophisticated phishing emails posing as the CEO asking employees to email back their account password, because there’d be nothing to email back if authentication were passwordless! 

Adaptive Authentication

Instead of a one-size-fits-all passwordless approach that leads to a series of exceptions to a rule, Multi-Factor Authentication (MFA) solutions enable varying types and levels of authentication for different users. Then, even when one employee doesn’t have a phone and another can’t use their fingerprint at a certain time, there are alternative but equally secure methods to log in. Plus, if a user follows a normal login pattern (like when they log in for remote work every day), the frequency of authentication can be lowered (such as only requiring it once a month).  

Adaptive MFA sounds good, but where do you start? The journey to secure and seamless systems must begin somewhere, and there are plenty of first steps you can take for your business to improve security, user experience and productivity. If you’re interested in finding out about your options, contact us today.  

download guide to zero trust