NEW IIC Podcasts – see more

BLOG

Rumours of the death of the password are exaggerated, for now

02.06.2020
Share this

Biometric authorisation is becoming more common, but it’s still underpinned by the traditional password

Almost every day appears to be a ‘Day’ of some sort, but one you may have missed occurred on May 7th. ‘World Password Day’ is designed to remind us all of the importance of updating our important passwords on a regular basis. In a number of reports released to coincide with the annual event, McAfee1 revealed that the growth in remote working in the first three months of this year has resulted in many poor security practices as Remote Desktop Protocol (RDP) systems were brought online at speed amid the turmoil of the coronavirus pandemic. The company cites weak passwords as – still – the most common method by which attackers gain access, with P@ssw0rd, 123456 and NULL123 featuring strongly. Furthermore, most people hadn’t changed their passwords since their system was installed.

Weak passwords are vulnerable to so-called ‘brute force’ attacks, in which computers crunch thousands of potential passwords. They can largely be foiled by ‘three attempts’ limits common to many systems, or the much disliked (by users) ‘two stage authentication’ protocol. But an increasing risk is now recognised as coming from ‘insiders’, either deliberately leaking access information or using ‘shadow IT’, in which unauthorised devices, such as phone apps, compromise system security. The danger here is that, as a Cisco executive outlined at a recent IIC event, such breaches are commonly (and unacceptably) not detected for months, leaving hackers plenty of time to find and distribute all the information they want.

In theory, the answer to this should be to move to biometric access. This was announced last year by Microsoft, among others. The problem is that the current technologies, including fingerprint, voice, and facial recognition, are not always completely reliable and may themselves be vulnerable to mimicking. As a result, passwords are still commonly used as a ‘fall back’. In a recent survey by FindBiometrics2, cyber security insiders expressed a range of views on whether passwords could ever fully be replaced, but even the optimists – 59% – said that it could take up to a decade and nearly a quarter said ‘never’.

What’s clear is that passwords, along with our apparent inability to make them easy to remember and hard to guess, will be with us for several years yet. An equally safe prediction is that on 6th May 2021 – the next World Password day – P@ssw0rd and 123456 will still be top of the password charts.


1 https://www.infosecurity-magazine.com/news/criminals-exploiting-remote/
2 https://findbiometrics.com/year-in-review-2019-the-roundup-901149/

Leave a Reply

Your email address will not be published. Required fields are marked *

Biometric authorisation is becoming more common, but it’s still underpinned by the traditional password.

Theme:
Privacy, Safety, Security
Region:
Americas, Asia Pacific, Europe, Middle East & Africa
biometrics, cybersecurity, passwords Lynn Robinson Lynn Robinson Director General, International Institute of Communications
You may also like... Blog
The market model is failing indigenous peoples 21.10.2020
Blog
Africa needs investment in its cyber defences 09.07.2020
Blog
Comment: the EU General Court’s decision on Three-O2 deal 09.06.2020

Latest

News
DRC’s digital transformation to be managed by the president 23.10.2020
News
US Dept of Justice launches Google antitrust lawsuit 22.10.2020
News
Automation accelerated by pandemic, says WEF report 21.10.2020
Blog
The market model is failing indigenous peoples 21.10.2020
View All
Back to the top

The IIC is the world's only policy debating platform for the converged communications industry

We give innovators and regulators a forum in which to explore, debate and agree the best policies and regulatory frameworks for widest societal benefit.

Insight: Exchange: Influence

We give members a voice through conferences, symposiums and private meetings, as well as broad exposure of their differing viewpoints through articles, reports and interviews.

The new website will make it easier for you to gather fresh insights, exchange views with others and have a voice in the debate

Take a look Learn more about our updates
Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The International Institute of Communications website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.