There's a lot to dislike about passwords. Good things can be hard to remember. It's often a pain to reset. And even if you do everything right, it can still be cracked by cybercriminals.
Although the use of passwords dates back to ancient times, cybersecurity experts have long pushed for their elimination. That may have been an impossible task in the days of ancient Rome, but with the help of modern technology, humanity could move beyond passwords to a world of easier and more secure authentication methods. they say.
It may be easier said than done, but there's no better time to champion password obsolescence than World Password Day, Thursday, May 2nd. This is a completely fabricated celebration he was founded by Intel in 2013. Traditionally, this is meant to be a reminder to take a closer look at your login to see if the necessary security boxes are checked.
Passwords have been around for a long time because they seem simple on the surface and everyone online today knows how to use them. In addition, there are still no scalable alternatives to replace them.
But that is changing. Today, both businesses and consumers typically have the option to log into their devices using biometric indicators, physical keys, authenticator apps, and now passkeys.
Passkeys, which replace passwords with encryption keys, are built on protocols and standards created by the FIDO Alliance. Apple rolled these out as part of iOS 16 in his 2022, and Google introduced support on all major platforms last year. Proponents argue that passkeys provide a better user experience than passwords and eliminate the risk of weak, reused, and compromised passwords, not to mention phishing attacks.
Most importantly, says Anna Pobletz, head of “Passwordless” operations at 1Password, a leading password management provider that supports Passkey, Passkey takes over the security burden that traditionally fell on the user. That's what he said.
With traditional passwords, it is usually the user's responsibility to create and remember the password, she said. Conversely, for passkeys, these requirements are built directly into the technology.
“There's no burden on the user to say, 'Did I create a good passkey, did I create the right passkey, did I use it in the right place?' It all happens automatically,” Pobletz said.
He also said there is no doubt that cybercriminals will try to target passkeys as well as passwords, but they won't be able to do so on such a large scale.
Google said in a blog post Thursday that improving authentication technology continues to be a key part of its efforts to strengthen overall security, and to date it has authenticated users more than 1 billion times across 400 million Google accounts. It added that passkeys have been used in
“In a global election year, growing cyber threats, and the rise of technologies like AI, this work is more important than ever,” Google said in a blog post.
The tech giant also said it has launched broad support for passkeys in Chrome and Android to help developers incorporate the technology into their apps. Google says companies like Amazon, Dashlane, Docusign, Kayak, Mercari and Shopify have all added passkey support in the past 12 months.
Also on Thursday, Microsoft announced the start of passkey support for consumer accounts.
“Securing and accessing your digital life doesn't have to be a pain. You don't have to choose between easy access and secure access,” the company said in a blog post.
However, passkeys aren't available in all apps or websites yet, so they aren't the answer to all your password woes, at least not yet. In the meantime, a password manager can remember long strings of characters while keeping them safe.
With a little effort, you can make your passwords great and keep your data safe. Here are some tips to help you do this.
Tips for creating good passwords
The longer the better. At least 16 characters is best. At that point, you don't need to worry too much about password cracking software. A random string of characters is best, but a passphrase, such as a combination of three unrelated words, is fine in most situations. There is no problem with including special characters such as symbols and punctuation marks.
Note: If you use a passphrase, make sure the words mean only you and don't mean anything important. The “Red Sox Rule” may be a great way to show your team loyalty, but it's not the most secure passphrase. Avoid using birthdays or other important personal dates, as they can be easily spotted by cybercriminals. Song titles and famous quotes are also bad ideas. Avoid cliche substitutions, such as using @ for “at” or “a” and $ for “s”.
Resist the temptation to recycle. Even the best passwords can be stolen and compromised. Therefore, minimize the impact by ensuring all accounts have unique passwords. Admittedly, this can be a pain to process as we recommend a passphrase of 16 characters or more.
As mentioned earlier, if you need help, sign up for a password manager. Both free and paid options are available. Many internet browsers are also useful for this task, but they do not always work on different devices.
Change can be a good thing. Most experts now say that you don't actually need to change your passwords regularly. However, everyone agrees that if there is any room for compromise, it should be changed immediately.
Keep your details away from social media. The more personal information you post, the more cybercriminals will know about you. These small pieces of seemingly unimportant data can be used to crack passwords.
While you're at it, stay away from quizzes like those posted on Facebook that ask you a series of seemingly innocuous questions to tell you which city to live in or your ideal vacation spot. Sure, they're fun, but they can collect personal information that could be used to crack passwords in the future.
Always, always use 2FA. If your password is compromised, a second layer of protection will go a long way to protecting you. Two-factor authentication, also known as multi-factor authentication, is being used by a growing number of sites and requires anyone trying to access your account to also enter a second form of their ID.
It could be a code generated by an app, biometrics like a fingerprint or facial scan, or a physical security key you insert into your device. Yes, it will slow down when accessing your account. But it's worth it to keep your account safe. Use 2FA if available.
A word of warning: If possible, avoid 2FA systems that text a code to your smartphone. SIM swapping, a scam in which cybercriminals take over your phone number, is on the rise. If a criminal takes over your phone number, they will also receive your girlfriend's 2FA text messages.
