The Future of Passwords

Sue Marquette Poremba
Slide Show

Eight Ways to Create Stronger Passwords and Protect Your Accounts

At the end of February, Hold Security announced that it discovered over 300 million stolen or compromised login credentials.

During that same week, Fortinet revealed the results of a survey of Generation X and Millennial adults in which they were asked their attitudes toward passwords.

The two events have nothing to do with each other, but I thought the timing was a little serendipitous. To me, the two show that maybe we really have come to the end of the password’s usefulness as a security measure.


The Fortinet report found that many Gen Xers (ages 33-48) and millennials (ages 18-32) don’t change their passwords at all unless prompted. And if they do change their passwords, they do it as infrequently as possible. Interestingly but perhaps not too surprisingly, millennials are protective of their phones, with 57 percent saying they do password protect their device (less than half of Gen Xers do so). I say that this doesn’t surprise me because the millennials I am related to depend on their phones for their survival. I think they are more apt to protect their phone than lock their house or car doors. Still, they use the easiest form of password possible to protect their phones, opting for a four-digit pin over more difficult-to-crack password options.

It’s easy to think that, other than with smartphones, millennials and Gen Xers appear to be lazy with passwords and that presents a risk to the corporate network. I would argue that older generations are pretty darn lazy about passwords, too. And as this recent Hold Security finding reveals, maybe our passwords aren’t all that safe anyway. As a Reuters article stated:

hackers can do far more harm with stolen credentials than with stolen payment cards, particularly when people use the same login and password for multiple accounts.

So maybe what this survey and this reveal of stolen credentials show is that it is time to rethink the password as security. At the very least, it shouldn’t be the single measure used. Younger generations are likely to have even less consideration for security (and that next generation is getting ready to age into the workplace). The question is, what is going to be the right security process going forward. Will it be biometrics? Multi-factor authentication? Or maybe it will be social verification, where you are asked to identify social contacts.

I can’t imagine the password will be our primary method of security for devices and data for much longer.



Add Comment      Leave a comment on this blog post
Mar 13, 2014 10:06 AM Miranda Miranda  says:
I totally agree that passwords solely aren't the best security measure. I am not too fond of the idea of biometrics, so I am a firm believer in multi-factor authentication. I use a password manager called LastPass and tried out a few of their multi-factor solutions. This was the first time I explored this type of security measure. I noticed that many of the solutions were annoying and only made me not want to use them. Then I came across Toopher and decided they have it figured out. It has an automation feature that uses the location awareness of your smartphone to authenticate with in normal locations without interrupting the user. It's extremely easy to set up and doesn't really change my normal password behavior. I am hoping I see Toopher offered in more places soon! Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date