
Passwords are still widely used, but they are losing ground

For years, attempts have been made to replace passwords with other authentication methods that are easier to use, though not necessarily more secure, depending on the case. Large corporations such as Google, Apple and Microsoft have tried to replace passwords with fingerprints, faces, irises, blood vessels in the hand, USB keys and, more recently, passkeys. However, the transition is proving quite slow, so passwords are still widely used today, even though they are gradually losing ground.

In recent years, technologies such as Windows Hello, Face ID and Touch ID have been sold as more secure than traditional passwords, but in the opinion of many (including yours truly) they only provide convenience unless they are reinforced with at least one other authentication method.

Biometric authentication methods can be secure… if you strengthen them

In the case of the fingerprint, obtaining it is as simple as stealing the smartphone and examining it, because the user has been leaving their "access code" printed all over the device itself. Using as an authentication factor something that you leave everywhere is not exactly the smartest idea.

The face is not that easy to obtain, but nowadays even low-end smartphones can take fairly good photos, so one would have to avoid cameras all the time to keep one's face from being replicated in any way. And that is without mentioning video platforms, which are another source of information for malicious actors when users show their faces. A similar situation exists with the iris, which can also be replicated from images; this is not the case with the retina, in case anyone confuses the two.

The situation is somewhat better for the blood vessels of the hand as a means of biometric authentication. Although it is not perfect, replicating them requires such powerful means that the user would have to be kidnapped to obtain all the necessary data under pressure, since it is impossible to replicate a part of the hand that is not in view from material obtained from social networks and video platforms.

Hardware keys fare much better. For example, the YubiKey 5 NFC supports all major encryption algorithms, including RSA 4096, ECC P-256 and ECC P-384, and works with Windows, macOS, Linux, Android and iOS, so it offers strong cross-platform support. These keys provide secure authentication that resists the dreaded phishing attacks. While it is true that web browsers try to help detect phishing, they are not always successful, and it is better to assume that malicious actors are always two steps ahead.

Image: Biometric authentication using the blood vessels in the hand

More recently, passkeys have been making their appearance; these are actually different schemes for storing authentication information in hardware. They are intended to be easy to use and are resistant to phishing and other similar methods of stealing user accounts. Based on FIDO Alliance and W3C standards, they replace typical passwords with cryptographic key pairs, improving security while speeding up authentication. For example, in the Apple ecosystem they can be used together with Face ID or Touch ID (hence our point about combining authentication methods) to provide secure access without a password.

As we can see, the new authentication methods mix really questionable solutions with others that do offer a competent framework. This will probably confuse users with very basic knowledge, who may end up lumping them all together. In such situations the natural thing is to judge the whole group by its lowest bar, so the overall perception of the group would tend to be rather negative.

Passwords are losing ground, but they continue to resist

The lack of knowledge and the complex situation around modern authentication methods could be the reasons why passwords remain the main way to access systems and services. The FIDO Alliance documented the prevalence of passwords after surveying 10,000 consumers from the United Kingdom, France, Germany, the United States, Singapore, Japan, South Korea, India and China.

Delving into the survey data, 51% of users logged into their online bank using a password in the last 60 days, while 28% used a one-time password (OTP) sent to the mobile device and 14% used a password manager. Other methods included Microsoft and Google authentication apps, keys like YubiKey and Google Titan, QR codes, browser autofill, and staying signed in.

Although passwords clearly dominate the rest, the picture is quite diverse: password use fell by 5% for financial services, 7% for work-related accounts, 8% for social networks and 9% for smart home devices ("smart" home devices are another tempting target for malicious actors).

Image: Example of passkey use on Apple devices

The FIDO Alliance insists on the danger of passwords by saying that, “for example, 70% of people had to recover a password at least once in a given month”. Here it is perhaps important to highlight how this affects retailers and service providers, as 59% of users gave up on accessing an online service in a given month and 43% stopped shopping because they couldn’t remember their password.

Using one-time passwords sounds like a good thing, but in reality it depends on how they are delivered. If you want security, the right approach is to back this method with an application, but SMS is still widely used today, and it has been considered an insecure medium for many years because of how easily it can be manipulated from many fronts, including the telephone service provider. One-time passwords sent via SMS are still used in financial services, workplace accounts, social networks, video platforms and more.

The results of the survey are not the best from the perspective of the FIDO Alliance, but among so much “darkness” it is possible to find that 39% of respondents were very or somewhat familiar with the idea of passkeys, which, as we have already said, aim to offer a much safer and easier way to authenticate than passwords.

A future without passwords is possible, but not so fast

As we can see, passwords are still the most used authentication method, but if the current trend continues, they will soon fall below 50%.

Although some modern authentication methods have obvious advantages over passwords, their problem could be that they have coexisted with other systems that are a joke, which can make it difficult for them to convince those who are still stuck on passwords as the only method of authentication.

Cover image: Unsplash
