It’s 2024: will passwords have become obsolete?
- Published: Friday, 03 May 2019 07:13
Every month at least one major hack or data leak takes place in which millions of records, including passwords, are exposed or stolen. This article looks five years into the future to see whether the password has been replaced by other technologies.
Passwords are simply too vulnerable. On the dark web the underground market for passwords and other identity details is thriving. Every month at least one major hack or data leak takes place in which millions of records, including passwords, are exposed or stolen.
If a hacker gets a password and email address, they simply try the pair on online platforms such as Amazon, eBay, Facebook and others until they get a hit. It’s common practice, known as credential stuffing. According to some, many people will have upwards of 200 online accounts within a few years. How do you remember passwords for so many accounts? The savvy use password managers; however, many still use the same password across all their accounts despite warnings.
Every year BullGuard notes that surveys of the most common passwords reveal that '123456', 'password', '123456789' and 'qwerty' still make the top 10. Cyber criminals love it. They have great success using simple keyboard patterns to break into accounts online because they know so many people are using these easy-to-remember combinations.
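A sign-up or password-change form can refuse these choices before they ever reach an account. The sketch below is an added example, not code from this article or from BullGuard: it rejects the four passwords named above and anything dominated by a keyboard or sequence pattern. The US QWERTY layout, the thresholds and the function names are assumptions made for illustration.

```python
# Passwords this article names as perennial top-10 entries.
COMMON = {"123456", "password", "123456789", "qwerty"}

# Key rows of a US QWERTY layout plus the alphabet (layout is an assumption).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz"]


def longest_walk(pw: str) -> int:
    """Longest run of characters that are neighbours on one row,
    moving consistently left-to-right or right-to-left."""
    s = pw.lower()
    best = 1 if s else 0
    for row in ROWS:
        pos = {c: i for i, c in enumerate(row)}
        run, direction = 1, 0
        for a, b in zip(s, s[1:]):
            step = pos[b] - pos[a] if a in pos and b in pos else 0
            if step in (1, -1) and step == direction:
                run += 1                   # pattern continues in the same direction
            elif step in (1, -1):
                run, direction = 2, step   # a new pattern starts at this pair
            else:
                run, direction = 1, 0      # not neighbours: reset
            best = max(best, run)
    return best


def reject_reason(pw: str, min_len: int = 8, max_walk_ratio: float = 0.5):
    """Return why the password is refused, or None if it passes these checks."""
    if pw.lower() in COMMON:
        return "common"
    if len(pw) < min_len:
        return "too short"
    if longest_walk(pw) / len(pw) > max_walk_ratio:
        return "keyboard pattern"
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["qwerty", "qwertyuiop", "987654321", "asdfgh12",
                      "correct horse battery"]:
        print(f"{candidate!r}: {reject_reason(candidate)}")
```

A production check would use a much larger list of known-breached passwords; the four entries here are only the ones the article mentions.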
Because of their inherent vulnerability, should we be seeing the slow decline of the password? If so, what will replace it and what will we be using five years from now? This article provides some insight by looking at how today’s developments are evolving from their password roots and how they might shape the future.
Iris, fingerprint, voice and face readers are some of the most common uses of ID authentication today. In fact, in establishments where security is the number one priority, they have been in use for a long time. Today, fingerprint authentication is mainstream and the use of face recognition is also gaining ground. Some financial service providers are already using it. A user simply snaps a selfie and links it to their payment card. Sounds great, but biometrics have a crucial vulnerability. All of us only have one face, two retinas and 10 fingerprints. They represent passwords that can’t be reset if they’re compromised. In 2015, for instance, a database containing the fingerprints of 5.6 million U.S. federal employees was breached.
Zero login is the use of unique behavioral characteristics such as typing patterns, location and occupation to verify identity. It enables you to log in to applications and online services without needing to do anything. Recent iPhone models already allow the user to change the pressure of their home button and to detect and remember signals from other devices such as your car or headphones. But how do you know when you have successfully logged out? If your phone is collecting all of this information about you, how is it being protected and where is it being sent? stored across the Internet. Many of us want to keep some parts of our lives separate and even if this information is encrypted there is still a chance it can be seized by attackers.
How do you like the thought of inserting a tiny microchip into your body, the equivalent of a password? This idea has been around a while. But today a Swedish company, Epicenter, and a few others have made employee microchipping available on a wide scale to replace passwords and keys. Employees can enter buildings, open doors, access computers and so on by just placing their microchipped hand next to the reader.
A person’s brain password is a digital reading of their brain activity while looking at a series of different kinds of pictures and objects. A person is initially authenticated with a passport or other identifying paperwork, or has their fingerprints or face checked against existing records. Their brain waves when responding to different stimuli reveal a unique biological brain structure which in turn creates a brain password. The two together create a unique password that can’t be replicated.
DNA-based authentication is not far away. Qatar and Estonia already take DNA readings of citizens to map out and get ahead of potential health problems. But much closer to home, a new social platform is planning to introduce DNA-based ID so the potential for fraud on the platform is effectively killed at birth. The platform readily admits it’s a difficult and complex project, not least securing the DNA prints.
Five years from now
So, what types of passwords can we expect to see in five years? All of the methods mentioned above have an inherent flaw: how can you store the information securely and guarantee that it won’t be hacked? It’s the same issue faced by today’s use of passwords, with the exception that these new authentication methods are near impossible to imitate. However, some of the above methods also pose ethical issues that need to be overcome. At what point does the password identifier use information that is too personal? What is considered too personal, and what safeguards will be in place to avoid the misuse of this data? These are big questions and they can’t be answered easily.
Given current trends, it is likely that within five years biometric-based identification will be much more widespread and used in conjunction with two-factor authentication (2FA) to provide an extra layer of security. Passwords won’t be dead as such; in fact their use will remain commonplace, but most likely they will be supplemented by biometrics and 2FA to the point where this will become the norm.
BullGuard is a multi-award-winning cybersecurity company.