Almost every day appears to be a ‘Day’ of some sort, but one you may have missed occurred on May 7th. ‘World Password Day’ is designed to remind us all of the importance of updating our important passwords on a regular basis. In a number of reports released to coincide with the annual event, McAfee [1] revealed that the growth in remote working in the first three months of this year has resulted in many poor security practices as Remote Desktop Protocol (RDP) systems were brought online at speed amid the turmoil of the coronavirus pandemic. The company cites weak passwords as – still – the most common method by which attackers gain access, with P@ssw0rd, 123456 and NULL123 featuring strongly. Furthermore, most people hadn’t changed their passwords since their system was installed.
Weak passwords are vulnerable to so-called ‘brute force’ attacks, in which computers crunch thousands of potential passwords. They can largely be foiled by ‘three attempts’ limits common to many systems, or the much disliked (by users) ‘two stage authentication’ protocol. But an increasing risk is now recognised as coming from ‘insiders’, either deliberately leaking access information or using ‘shadow IT’, in which unauthorised devices, such as phone apps, compromise system security. The danger here is that, as a Cisco executive outlined at a recent IIC event, such breaches are commonly (and unacceptably) not detected for months, leaving hackers plenty of time to find and distribute all the information they want.
In theory, the answer to this should be to move to biometric access. This was announced last year by Microsoft, among others. The problem is that the current technologies, including fingerprint, voice, and facial recognition, are not always completely reliable and may themselves be vulnerable to mimicking. As a result, passwords are still commonly used as a ‘fall back’. In a recent survey by FindBiometrics [2], cyber security insiders expressed a range of views on whether passwords could ever fully be replaced, but even the optimists – 59% – said that it could take up to a decade and nearly a quarter said ‘never’.
What’s clear is that passwords, along with our apparent inability to make them easy to remember and hard to guess, will be with us for several years yet. An equally safe prediction is that on 6th May 2021 – the next World Password Day – P@ssw0rd and 123456 will still be top of the password charts.
Biometric authorisation is becoming more common, but it’s still underpinned by the traditional password.