Passwords are currently integral to security measures. That has been true for many years now. However, passwords cause many problems. They are hard to remember, and we are required to know too many of them—sometimes even hundreds. In addition, they can be stolen and leaked on the dark web. Those two problems combined cause even more trouble.
When you need to know many hard-to-remember passwords—after all, the simple ones are easy to crack via brute force attacks—you might be inclined to take shortcuts. That might be password reuse or relying on risky storage methods to keep track of all your credentials.
Indeed, passwords have become the single biggest threat to online security. The increasing complexity of passwords leads to people reusing them, hackers are becoming more adept at stealing them, and the data found online makes it increasingly profitable to commit cybercrimes. This is a recipe for disaster, and something needs to be done for there to be a secure future of passwords.
If all of this weren’t worrisome enough, companies are using more and more cloud and online services, which require their employees to share login credentials across a greater ecosystem of software, all of which is vulnerable to attacks.
On top of all this, usernames are now often just your email address, meaning hackers only need to find your password since the username is intrinsically linked to you. So what is the future of passwords? Well, different experts have different opinions, and it is hard to say who will be proven right. Our guess is that it will be a combination of some or all of the solutions described in this article, as well as some truly unexpected technological breakthroughs.
In our quest to become more secure, passwords become less and less easy to remember. Let TeamPassword take care of securely remembering your passwords while you focus on growing a successful business!
Sign up for a 14-day free trial to test TeamPassword with your team members today.
The advantages and disadvantages of passwords
Are passwords doomed to the dustbin of history, or do they still have some redeeming qualities? Like all security solutions, passwords have both advantages and disadvantages.
Advantages
Passwords are easy to implement using software. They are also very cheap to run. Unlike two-factor authentication, biometrics, or any of the other advanced systems discussed below, the only real cost is the implementation. There is no fancy hardware or software to maintain over time.
In addition, users can delete or modify passwords easily, which is not always possible with other solutions. (Random shower thought: If your company uses facial recognition, would they pay for Botox if you called it “updating your login credentials”?)
Disadvantages
Simply put, the entire concept of passwords is flawed. Anything easy enough to remember is going to be hacked so quickly that it isn’t really a security feature at all. Conversely, any password actually strong enough to keep a hacker out is difficult to remember.
Remembering multiple passwords of that strength is nearly impossible, which leads to reuse. Since any individual site could be hacked, using the same password across many sites leaves you extremely vulnerable. Your bank or company probably has an impressive security system, but if you use the same credentials for a random chat board, then you are essentially reducing your bank’s or employer’s security level to that of the least secured site you frequent.
The future of passwords
What is the future of passwords? Well, first of all, we should be asking: What are the futures of passwords? Indeed, even the definition of "password" is going to be complicated in the future, as every site will mean something different by it.
Some sites will use two-factor authentication (2FA), while others will use a passwordless system. Some devices will rely on biometrics, while others will rely on passphrases. Some users will prefer single sign-on (SSO), while others will stick to the proven security and convenience of a password manager.
Below, we will describe just a few of the many advances that you will see as part of the future of passwords:
- Two-factor authentication
- Single sign-on
- Zero login
- Password managers
Two-factor authentication (2FA)
Two-factor authentication is basically what it sounds like—instead of using a single authentication step involving your username and password, there is a second step where you provide further credentials.
The most common system for 2FA includes an SMS message to your phone number. Once you type in your username and password, the system sends you a text message with a one-time password (OTP), usually a six-digit numeric code, to type in during the second authentication step.
This has mostly replaced an older version of 2FA in which you answered security questions to prove you are who you say you are, because those questions were vulnerable to social engineering. That is, malicious actors could figure out your first pet’s name, your childhood best friend, or the street you grew up on and then waltz through this second step of authentication.
While 2FA with SMS codes has helped reduce the risks of brute force or dictionary attacks, a new attack arose to break through the SMS step. Indeed, hackers have found ways to port phone numbers to a different SIM card without the owner’s permission to harvest these 2FA codes.
That is why secure 2FA OTPs are now sent to authentication apps, the most popular being Microsoft’s app called Authenticator.
Passphrases
Passphrases are, in essence, very long passwords. Instead of writing the password “dog,” you pick the phrase “I walk my dog Sparky,” which might be written without spaces as “iwalkmydogsparky.” The sheer length of the passphrase makes it more secure than the base password while not being harder to remember.
In the future of passwords, allowing for longer password lengths to accommodate passphrases is a simple-to-implement, low-cost step toward higher security. Unfortunately, many sites still limit the length of passwords to 12 characters.
Passphrases can also be adapted similarly to normal passwords by changing the capitalization of different letters, adding numbers and characters, etc. For example, “iwalkmydogsparky” can then be changed to “1.w4lk-My_d0g=Sp4rKy”.
The benefit of passphrases is that, even though they are very long and hard to guess, they are often quite easy to remember compared to a random set of letters, numbers, and characters.
Single sign-on (SSO)
The single-sign-on system lets users log in once with a single set of credentials and then use many separate services. This works because all the services have trust relationships. As you move from one secure site to another, the SSO system passes tokens behind the scenes to confirm you have permission to enter the site.
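
The token hand-off described above, as an added example that is not from the original article or any SSO product: an identity provider signs a short-lived token naming the user and the one service it is meant for, and the service checks signature, audience and expiry before trusting it. The function names, claim names and shared HMAC key are assumptions; production SSO (SAML, OpenID Connect) typically uses asymmetric signatures instead.

```python
import base64
import hashlib
import hmac
import json

# Constructed key standing in for the trust relationship between the identity
# provider (IdP) and the services; an assumption made for this example only.
TRUST_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(user: str, audience: str, now: int, ttl: int = 300) -> str:
    """IdP side: after one login, mint a short-lived token for one service."""
    claims = {"sub": user, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(TRUST_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def accept_token(token: str, service: str, now: int):
    """Service side: return the user name, or None if the token is rejected."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(TRUST_KEY, body.encode(), hashlib.sha256).digest()
        # Verify the signature before parsing any claim.
        if not hmac.compare_digest(base64.urlsafe_b64decode(sig), expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None  # malformed token
    if claims.get("aud") != service:  # minted for a different service
        return None
    if now >= claims.get("exp", 0):   # expired
        return None
    return claims.get("sub")
```

The audience check is what stops a token issued for one service from being replayed against another service that trusts the same identity provider.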
Passwordless
Passwords have gone from the entirety of digital security to its greatest liability. This has led many people to argue the future of passwords should be no passwords at all. Biometrics has been at the forefront of the passwordless revolution. Fingerprints and/or facial recognition are increasingly used by portable devices such as smartphones.
It is likely that passwordless solutions will be a part of any login ecosystem of the future. Whether using SSO or 2FA, biometrics are likely to be part of the future of passwords.
Zero login
Some companies might do away with logins entirely. While your bank might actually call you when you try to log in from a new IP, Amazon is currently testing systems that will measure your typing speed and pressure to constantly confirm your identity while you use their site.
In these systems, the goal is to confirm your identity constantly through behavioral means and then only ask for a password when the system detects anomalies in how you type, search, etc. In this case, only hackers will be prompted for passwords.
Password managers
While the future of passwords is diverse systems designed to keep you more secure while not taxing your brain remembering a longer and longer list of more and more complex passwords, passwords will not disappear entirely.
These complex passwords—and a new one for every site—are paramount to your security. For now, the best solution is a very secure and user-friendly password manager that takes all the difficulty out of using passwords.
The best way to secure your IT infrastructure is to use a password manager that includes sharing features. A password manager like TeamPassword offers high-level encryption and two-factor authentication so that only the right people can make sense of the passwords.
Before anyone can access the list of shared passwords, they must log in to the platform using their personal password and a short-term authentication code.
Teams often need to share passwords to access mutual accounts, including Wi-Fi. However, you don't have to put your data at risk to make this possible. You can use TeamPassword to securely generate, store, and share Wi-Fi passwords within a team.
If you’re unsure where to begin, sign up for a TeamPassword free trial to secure your shared passwords once and for all.