As it is World Password Day, we thought we'd give you a brief look into the past: how passwords came to be, and why they have become a more flawed system as time has progressed. We'll also look ahead at what we might be using soon, and at what you can do right now.
Digital passwords first appeared in the 1960s, when computers were the size of a room. They were used to give individual users their own access to time-shared systems, which was the only practical way to share computing power around. The way this worked is that you would choose a password and a "tip", a hint to remind you of it. There was little to no cryptography in use at the time, so passwords were simply stored as plain text in a file on the machine. Surprisingly little has changed since. The main improvement in how passwords are stored is that systems now keep a salted hash of the password rather than the password itself, so a stolen password file has to be cracked rather than just read. End-to-End Encryption (E2EE), which a few companies have adopted, protects data in transit between two parties but does nothing for a badly stored password, so it is not really a change to passwords at all. Beyond hashing, and the relatively recent arrival of Multi-Factor Authentication (MFA), which we'll get to, the way we log in is much the same as it was in the days of the room-sized computer.
Security experts have been pointing out the flaws in password security since then.
Most of these flaws come down to the psychology of passwords: people pick passwords that are easy to remember, which also makes them easy to guess. In fact, 66% of us reuse the same password across multiple accounts, so one leaked password can unlock several. Another "flaw" is our ability to be manipulated. Through social engineering, malicious actors extract passwords and other information from us by pretending to be someone they are not. And finally, our ability to remember lots of passwords is limited, so we stick to what we know, and when we are made to change a password we follow a predictable pattern, such as incrementing a number on the end, which attackers know to try.
What does the future of password security look like?
Well, it doesn't look like passwords are going anywhere in the near future. Alternatives such as biometric security and certificate-based authentication exist, but they have weaknesses of their own and almost always keep a password as a fallback or sit alongside one. Risk-based authentication (RBA) is something we have started to see layered on top of passwords. Like MFA, RBA is a secondary check: at sign-in it looks at signals such as the device you are signing in from, its location and its IP address, and compares them with what it has seen from you before. If something looks out of place, it will alert you and ask you to confirm that it really is you, typically by requiring an extra factor before the sign-in is allowed through.
What can you do to improve your password security?
Two words: password manager. Password managers are a great tool: they generate random, strong passwords and store them securely, so you only need to create and remember one very strong master password. Most password managers autofill the websites you have passwords saved for, so you don't need to type out a 30-character password every time you log in. The other thing you should do now is enable MFA on all of your accounts. MFA is a second method of authentication: the service sends a code to your email or phone, or asks for a code from your authenticator app, so that knowing the password alone is not enough to sign in. A code from an authenticator app (or a hardware security key) is stronger than one sent by SMS or email, because text messages and mailboxes can be intercepted or redirected, so prefer the app wherever a service offers it.
If you want to use a password manager for you and your team, Cyber Wise is currently running a special offer on Keeper Password Management, all you have to do is get in touch to find out more!
If you don't think a password manager is for you, make sure MFA is enabled on all of your accounts and check out the NCSC's article on the "three random words" method here.