Password Day has been promoting better password habits for years, and the day serves as a reminder for your annual password change. Passwords are the gateway to all of our personal and corporate information, but they can also leave data vulnerable if they are not strong enough. Vulnerable passwords could mean billions of dollars in loss, not to mention a decline in digital trust and online transactions and a loss of reputation for impacted organizations.
However, as threats have evolved over recent years, passwords have had to get longer and more complicated. Unfortunately, they are also harder to remember and more stressful for users. Complex passwords do not create the best user experience, they are still easily compromised and they are costly. Perhaps this year it’s time to stop promoting traditional passwords altogether, and here’s why.
It is no longer sufficient to just have a strong password policy. Most passwords are not strong enough to stand up against hacking: 90% of user-generated passwords are weak and vulnerable. Plus, users often forget passwords, and some are still writing their passwords down with pen and paper. These passwords can be found, lost or stolen, overheard or even guessed, and are not secure on their own.
Attacks on passwords have only increased with remote work. Enforcing password policies across a remote environment is even more difficult; plus, employees may have extra passwords to keep track of as they access work software and files remotely. Managing a multitude of passwords is a burden on users and they are likely reusing the same password, or aspects of the same password, just to remember it. However, this makes them even more vulnerable because if one password can be hacked, the others are easily guessed. This begs the question, why are we still depending on this antiquated method?
Additionally, IT decision makers are focused on deploying new technologies to navigate a remote working environment, which may be here to stay even after the pandemic. This transition is the perfect time to consider a passwordless future to ensure business continuity. Amidst digital transformation, it’s time that we transform traditional passwords as well. Newer technologies, such as smart cards, fingerprint readers and facial recognition, are shifting preferences away from passwords.
Additionally, passwords are more stressful for users. According to a Visa survey, 86% of consumers are interested in switching to biometrics, 70% believe that biometrics are easier, and 46% percent believe they are more secure than passwords or pins. Users have to remember (and be reminded) to reset passwords, change vulnerable passwords and create new credentials for every account, which is a tiresome task.
Plus, your IT team is spending critical time managing passwords (six hours a week on average), when they could be focusing on higher priority projects. Thus, removing passwords will increase productivity and alleviate stress in your organization.
Passwordless logins, or any login system that doesn’t require a password, such as biometrics or physical tokens, are the future of user experience for both employees and end-users. According to a LastPass survey, 92% of IT professionals believe that passwordless systems are the future for their end-users. Passwordless authentication will reduce security risks, reduce the burden on employees and IT teams, and protect organizations.
However, making the transition may take time, and a completely passwordless future is likely still a few years away. To transition to a passwordless future, organizations should implement multi-factor authentication (MFA) by using a password and biometrics for additional layers of authentication and security. Plus, adding this additional layer of security makes MFA efficient at protecting passwords. According to Microsoft, MFA blocks 99.9% of automated attacks. Additionally, organizations can enforce a strong password policy and use a password manager.
This password day, organizations should educate their employees on strong password policy practices and prepare for a passwordless future.