It’s the End of Passwords as We Know It
- October 13, 2021
Imagine it’s October 2050 and a school class is on a Cybersecurity Awareness Month field trip at the local museum. Suddenly, a student asks his teacher “what’s that?” staring at some strange combination of letters, symbols and numbers. “Oh, that’s a password,” the teacher says. “Your parents used them to access their devices and applications They’ve since gone extinct.”
Passwords extinct? How did we get there? The answer is simple: biometrics and digital certificates.
Let’s not get too far ahead of ourselves. Instead, let’s jump back to 2021.
Too many passwords are a nuisance – let alone creating and remembering strong passwords that adhere to specific requirements. According to the Dell Technologies Biometric Usage Study, creating, remembering and regularly changing passwords is considered an annoyance to 62% of U.S. workers. In addition, the Dell Technologies Brain on Tech Study found that when users worldwide were presented with a long, difficult password to access a computer under time pressure, their stress increased by 31% within five seconds and continued to rise even after users successfully logged in.
These results reinforce that for most of us, good password hygiene is not a priority; it is, instead, a nuisance. Whether you reuse the same password repeatedly, use weak passwords or write them on a sticky note, many of us are doing exactly what we have been told not to do. To increase security, organizations typically require employees to update passwords on a regular basis and adhere to minimum requirements to create strong passwords. However, this doesn’t prevent employees from behaviors that compromise security for convenience.
Concerningly, these behaviors are not just reserved for working adults. A recent NIST study among third to 12th-grade U.S. students explored what they know about passwords and how they use them. The findings showed that elementary students learn and understand password best practices, yet they still demonstrate poor behavior when it comes to executing those best practices. Once children enter adolescence, the study revealed that many start sharing passwords to build friendships and trust.
So, if most people understand the importance of good password hygiene but no one feels obligated to practice it, where do we go from here?
The idea of using biometrics to identify an individual is centuries old. There is evidence that fingerprints were used as a person’s mark as early as 500 B.C. and that biometric technology existed for several decades prior. However, it wasn’t until the early 2000s that this technology really started showing up in end-user devices, and today, most people are familiar with using biometrics to unlock their devices and applications. What seemed like a novelty just a few years ago when we first saw people simply look at their smartphones to unlock them, has become commonplace.
As biometrics continue gaining popularity as a convenient and secure form of automated user recognition, the traditional password will become much less appealing to consumers and enterprises alike. In addition, the technology which enables biometrics continues to advance with better sensor technology and the use of AI-based matching algorithms. This results in a better user experience while improving the security model.
Advanced device security features like fingerprint readers and facial recognition are now readily available on mainstream business laptops and used as part of a multi-factor authentication solution, offering users more secure ways to access their devices, applications and data than easily compromised passwords. In fact, the Biometrics Usage Study found that at U.S. businesses where PCs with biometric security are available, around 80% of employees report using the feature and 64% of employees who currently don’t have these features available said they’d use them if offered. And that’s not just out of convenience; workers also believe that those features could help keep company data safe. This, in turn, enhances trust among IT administrators that the devices and users on their network are authentic.
But you may be asking, why is the use of biometrics more secure than passwords? Passwords are a string of characters which are validated by a website or service to allow a user access. Strong passwords are designed to be difficult to guess or replicate, but even the most complex passwords can be stolen or compromised. To secure user identities, the use of multi-factor authentication is increasingly required for user access. Biometrics play a critical role in multi-factor authentication as the most difficult to replicate of the three possible factors of authentication which are: something you know (your password/PIN), something you have (your device or security token) and something you are (your fingerprint or face). Connecting authentication to a user’s biometric match creates the most difficult scenario for a cybercriminal to duplicate. Once the local authentication is performed, a secure digital certificate is released to the website or service for user authorization.
Given the overall openness of employees to leverage biometric security features on PCs, there’s a real opportunity for biometrics adoption to continue increasing, especially as Gen-Zers enter the workforce. These digital natives grew up accustomed to using fingerprint readers or facial recognition on their smartphones and likely wouldn’t think twice about using the same technology on their PCs and other devices. It’s time for organizations to reassess how they are handling security on employee devices and consider incorporating biometrics for their next PC refresh cycle.
We still have a ways to go until passwords are obsolete and become a museum exhibit, but as biometric technology becomes more sophisticated and more widely adopted, it’s only a matter of time until we can blissfully forget about remembering complicated passwords without compromising security. In the meantime, there are simple ways all of us can “Be Cyber Smart” and keep our data safe without passwords raising our stress levels, including:
Each October for Cybersecurity Awareness Month, we reflect on the last year of cybersecurity, celebrate our achievements, learn from our experiences and look to the future. Technology is going to become more integrated into our daily lives which is a gold mine for bad actors. As we look towards a password-less future, it’s up to each of us to do our part and #BeCyberSmart.
Learn more about how Dell Technologies builds security features, like biometrics, into our devices here.