Five Reasons to Kill Off the Password

Widespread media coverage of the warning Centrify issued on World Password Day, which fell on May 3 this year, brought the security problem posed by passwords to Australia’s attention.

Centrify celebrated World Password Day, which turns up annually on the first Thursday of May as a day to promote good security hygiene and password habits, by calling for the end of this outmoded form of protection.

Centrify’s World Password Day warning was picked up by leading publications, including FutureFive NZ, Lifehacker and SmartCompany, and led to Australia’s national broadcaster, the ABC, interviewing me on radio in New South Wales, Queensland and Radio ABC Darwin.

The problem is that passwords, by providing people with a false sense of security, fail to protect online resources. The bottom line is that passwords are not doing the job they’re intended for.

 

Click here to listen to a recording of ABC Radio Darwin’s Lyrella Cochrane interviewing Niall King on 2018 National Password Day.

 

There’s ample evidence to support this, such as the 2017 Verizon Data Breach Investigations Report (DBIR), which reports that 81 per cent of hacking-related breaches leveraged stolen and/or weak passwords. So rather than celebrate World Password Day, we should treat it like an overly complicated password and just forget it – for five simple reasons.

1/ Passwords do not protect your online assets

As demonstrated by the Verizon DBIR findings, passwords are a big part of the problem, not the solution for security. Relying on passwords alone to protect your online identity and assets is like trying to ward off a rainstorm with a sheet of paper – it’s just not up to the task.

2/ People are really bad at choosing passwords

Most people are poor at recalling complexity, so, as a result, we tend to choose dumb passwords that are easy to remember. For proof of this, just check out Time Magazine’s report on The Worst 25 Passwords of 2017, with the top five being:

  1. 123456
  2. Password
  3. 12345678
  4. qwerty
  5. 12345.

In case you’re curious, “login” was at place number 14.

3/ People don’t keep their passwords secure

Even if you’re one of those rare people who creates a complex string of random characters that is at least eight characters long, with upper and lower case letters, numbers and special characters, you have likely recorded it somewhere – such as a sticky note next to your monitor or in a Word or Excel file on your hard drive – which makes it as secure as a house key hidden under the welcome mat.

4/ People use the same password for multiple websites

Because strong passwords are hard to recall, we may remember one and use it repeatedly. The problem is that this approach to security is like the domino effect: Once one falls, they all go down.

5/ There are many more secure ways to protect yourself than passwords

You probably already use some of them, such as two-factor authentication – something you have and something you know – like the cashcard and PIN you use to access your bank’s ATM.

Or biometric identification, like the thumbprint that gives you access to your smartphone and authenticates your identity when you use your phone to make purchases.

If you run a business, then you can mandate identity and access management systems that reduce the risk of data breaches by using machine learning to identify abnormal access patterns.

The best way to celebrate World Password Day is to kill off the password. Let’s stop making it easy for attackers to steal our data. Instead of celebrating passwords, we should ditch them in favour of new tools like two-factor authentication to better protect our online selves.

It’s time to kill the password.