Another week, another password? In reality, it’s more likely to be the same one most people used six months ago and the same one they use for several different accounts. Today might be World Password Day, but many people won’t be changing theirs.
According to a 2019 survey by Google, six out of 10 people admit to using the same password across multiple online accounts. Only one in seven people use a password manager, but over a third keep track of passwords by writing them down on a piece of paper. A 2020 survey in the UK by iProov suggested that even though many websites offer a strong password option, which creates a suggested password, only 9% of people take up the recommended password options. A further 1% choose to use their Facebook or Google credentials.
Demise of the traditional password – why Bill Gates was half-right
Speaking at the 2004 RSA Security conference Bill Gates predicted the demise of the traditional password because it cannot “meet the challenge” of keeping critical information secure. He was right on the second point, but passwords are still with us.
World Password Day began in 2005 when a security expert writing a book about perfect passwords advocated putting aside one day in the calendar when everyone should change their passwords. Intel backed the move in 2013, and the first Thursday in May became the official World Password Day.
Some 16 years after the original idea, passwords are still with us, but the complexity of today’s security landscape is driving change. Most people have multiple accounts, making it is impossible to create a unique, complex password that they can remember.
A helping hand from two-factor authentication
There is no possibility yet that passwords will disappear, but they are increasingly supplemented by additional measures. For example, two-factor authentication, which typically requires an extra step in the login process. When a user has entered a password, they will receive a text message with a unique code or be asked to generate one via an authenticator app.
Two, or even multifactor, authentication offers an additional layer of security, though it can create a tiresome process for the user with an extra security hoop to negotiate. But that is the price that must be paid to keep systems and people safe.
Biometric alternatives to passwords are starting to take off
Forgotten passwords are also the reason consumers abandon a third of online purchases. And yet, research from Experian suggests that 75% of companies still fear inconveniencing customers by introducing authentication, which requires users to verify their identities to access an application.
Until now, there hasn’t been a genuine alternative to passwords. But today’s two-factor authentication stopgap and tomorrow’s biometric technologies could be the beginning of the end for passwords. Facial recognition is increasingly widely used. Apple launched Face ID for the iPhone X in September 2017, and it has since expanded the number and type of devices using it. Future versions of Face ID will let device owners unlock their handset while wearing a face covering. Beyond facial recognition, the future could involve behaviometrics, which measures individuals’ behavioral patterns to recognize or verify their identity.
Perhaps appropriately, the influential RSA Security conference returns later this month with one of its sessions asking, “Are password managers improving our password habits?” Could this finally be the year that a session must be put aside for passwords? Probably not. In which case, World Password Day will return on May 5, 2022.