Passwords have been around for decades and are a well-established form of cybersecurity – that is, until hackers started figuring out more and more ways to get around so-called secure passwords. So then, what is the problem with using passwords? Simply put, passwords lack the high levels of security necessary to combat the ever-advancing technology accessible to hackers and bad actors. In 2021 alone, over 6 billion credentials were leaked, and more than 60% of breaches were caused by stolen credentials. That is simply unacceptable. But what is the reason why passwords are not secure?
Unfortunately, there are myriad reasons why passwords are not secure, especially when compared to available alternatives such as passwordless authentication. These include (but are certainly not limited to) password sharing, password reuse, and phishing.
These terms – particularly phishing – are massive buzzwords in the cybersecurity space. Everyone has heard of them, but just how relevant are they?
According to the 2020 State of Password and Authentication Security Behaviors report by Yubico, a whopping 59% of IT security practitioners out of 2,507 surveyed claimed that their organization depended on human memory to manage their passwords. I can barely remember what I ate for breakfast this morning, let alone a complex string of letters, numbers and special characters! By relying on human memory to manage passwords, organizations are not only risking that people forget their passwords (which leads to countless time spent contacting helpdesks and not doing work, costing organizations a lot of money year over year), but they are risking company-wide breaches. It is safe to assume that, if passwords are being managed by human memory, they are not very strong passwords – this just makes it that much easier for hackers to breach your organization’s system and obtain valuable information. Just look at recent hacks such as the SolarWinds hack of 2021 and the T-Mobile hack of 2023, the NINTH data breach that T-Mobile has reported since just 2018.
Still don’t believe us? Here are some statistics courtesy of Deloitte, AAG and ASEE:
And that’s not even the half of it. Cybercrime has been rapidly growing over the years with no signs of slowing down, and by just using a plain old password, you and your organization are at a high risk of a breach, simply due to the poor security of a password.
The biggest threat associated with using passwords is definitely phishing. Phishing schemes, too, are on the rise and, despite their notoriety and the sheer number of trainings that center around not falling for them, millions of users are phished every year. The fact that phishing is still so prevalent is definitely another sign of human error at play, this error being in the judgement department, but it definitely is representative of the overall rise of cybercrime and the increasing audacity of hackers. Check out our blog on how to stop phishing attacks with unphishable credentials to educate yourself on the importance of going passwordless.
While passwords are still a widely accepted form of security across the globe, the push for passwordless authentication has grown more aggressive in recent years. Notably, President Joe Biden issued Executive Order 14028 back in 2021 to push for increased cybersecurity measures such as passwordless authentication – this legislation was more recently supported by the Multifactor Authentication (MFA) Modernization Symposium, which urged organizations to switch to passwordless authentication methods.
So yes, it seems that passwords are passé. What can you and your organization do to get ahead of the curve? Two words: passwordless authentication. Check out our article on how passwordless authentication works to learn more about this game-changing technology. Or, if you’re ready to join the passwordless revolution, you can schedule a call or demo with one of our experts today to learn more about EZCMS, the best passwordless authentication onboarding CMS for Azure!