The beginning of the end of passwords


Traditional passwords, once a cornerstone of user account security, are full of flaws, a fact that's becoming more and more apparent with the passage of time. The need to remember every single password and their susceptibility to hacking are just some of the challenges plaguing these age-old security tools. Let's not forget the habit of the elderly of writing down their passwords on sticky notes and sticking them on easily visible surfaces. In response to these limitations, tech giants Google, Apple and Microsoft are turning to passwordless authentication methods, using biometrics and security keys to provide users with increased security and an improved experience.

What are the biggest issues with passwords?

While passwords have long held the title as the most popular means of authenticating users, a number of problems surround the concept. Numerous studies have highlighted the risks associated with compromised passwords, exacerbated by factors such as password retention and the habit of using the same password on multiple accounts, which significantly contribute to data misuse.

For example, a 2019 study conducted by Yubico and the Ponemon Institute found that half of employees shared their passwords with colleagues. Similarly, findings from the Balbix Password Day 2020 report showed that 99% of users reused their passwords on an average of 2.7 accounts. This practice is primarily driven by the pursuit of convenience and speed, emphasizing the urgent need for safer and more convenient alternatives.

Is biometric authentication better than a traditional password?

Increased security
Biometric authentication brings an extra layer of security. Biometric characteristics, unique to each individual, are resistant to replication. Unlike passwords, which can be guessed, stolen or shared, biometrics are intrinsically linked to the individual, which greatly raises the bar for unauthorized users trying to impersonate someone else.

Streamlined user experience
Biometric authentication eliminates the need to remember or manage passwords. Users are freed from the worry of forgotten passwords or the laborious process of creating and maintaining complex passwords for different accounts; this contributes to a more pleasant user experience of the authentication process.

Reduced risk of abuse
Although passwords can be shared or stolen, intentionally or unintentionally, biometric characteristics are tied to the account owner and are not easily transferable. Sharing or borrowing one's biometric attributes becomes significantly more challenging for those who wish to abuse them in some way.

Resistance to brute force and dictionary attacks
Biometric authentication also boasts increased resistance to standard attack techniques, such as brute force or so-called dictionary attacks, in which cybercriminals attempt to extract or compromise passwords.

Microsoft is also working to get rid of password authentication!

Microsoft has unveiled a new security feature for Windows 11 version 22H2 that aims to reduce reliance on traditional and often vulnerable password-based authentication methods. The EnablePasswordlessExperience policy introduced by Microsoft enables organizations to transition to passwordless login systems.

The move comes in response to an alarming rate of over 4,000 password attacks per second, as was revealed by Microsoft last year. With the new policy, users will authenticate using alternative methods such as physical security keys, PINs, Windows Hello or fingerprint recognition, effectively eliminating the use of passwords.

This change improves system security by reducing the risk of cyber attacks exploiting password vulnerabilities. After IT administrators enable this policy, employees will no longer see password options, both on login screens and in in-session web browser authentication methods. A new web sign-in experience that supports Microsoft Entra ID authentication methods further streamlines and secures the sign-in process. This aligns with the trend among industry leaders such as Google, Amazon, eBay and Uber, who have embraced passwordless authentication systems, promoting a more secure and efficient login experience.

Undoubtedly, it will take more time for new methods to replace the traditional way of authentication for most users, and it remains to be seen how hackers will respond to these new methods. Nevertheless, we will monitor the situation and report in a timely manner.
