Why Passwords are Problematic

According to Microsoft's Professor Woodward, passwords are a decade old concept. Computer Weekly states that they are a ubiquitous part of the digital age. As such, it is imperative to look for something different and more secure to replace them.  

Passwords pose one of the biggest challenges to cyber security today. This is because they are mostly easy to guess. 

Here are some of the most common password problems: 

• Using or reusing lame passwords is common when you use pet names, birthdays, places visited, relative names etc., on your passwords. Since most of this information is frequently shared on social media, guessing your password becomes easy. 
• Breaches by a third party and nation-state attackers. Failure to frequently change your passwords puts you at a risk of losing your login details to mass attacks. 
• Spear Phishing. This happens when hackers mimic the feel and appearance of genuine businesses. After that, they send you misleading emails, for example, about shopping. Once you click on the link provided, you are then requested to give your ID and password. Doing that allows attackers to access all your accounts since they now have your password.  

How to Deal With the Password Problem 

An average online user may have about 50 online profiles, requiring more than 50 passwords. For passwords to be effective, they need to have an uncommon phrase with more than eight letters.  

To increase the effectiveness of a password, Microsoft states that: 

• You should change it after 60 days 
• Have at least 8 characters 
• Use characters in both upper and lower cases 
• Have symbols and alphanumeric characters 
• Stored using reversible encryption  

With all these requirements, it becomes impossible to memorise 50 complex and unique passwords. 

Microsoft’s Solution 

Since March, the tech giant has launched passwordless accounts in both Microsoft and Windows products. The login process enables passwordless login prompts for users to log in to a Microsoft account to give their fingerprint (or any other secure unlocking feature) on their phone.  

Biometrics and special security keys provide a unique and secure alternative to the use of passwords. Due to identity theft and compromising passwords, 67% of banks have invested heavily in facial recognition, fingerprints, and voice recognition. This is according to a 2019 Global Banking Survey conducted by KPMG.  

According to the communique from Microsoft, only the owner of a phone can give fingerprint authentication when prompted to do so. This is more secure than the use of regular passwords.  

So, when you lose your phone or forget your details after upgrading, there are backup options including: 

• Facial recognition provided by Windows Hello 
• A physical security key 

• Email or short message codes 

Two-factor authentication will also mean you need two different recovery methods if you lose your phone.  

Companies are starting to rely on multiple factor authentications (MFA) to boost the security of accounts. This seeks to identify people in as many different ways as possible. Some of these measures include combining PINs, fingerprint scans, your location, swiping patterns, phone identity etc., to help in your identification. 

Conclusion 

According to Ali Ninkam, the CEO of Bunq, biometrics will not replace passwords. However, combining different factors through multi-factor identification will be critical in enhancing information security.