Read this quarter’s Intermedia here

BLOG

Rumours of the death of the password are exaggerated, for now

02.06.2020
Share this

Biometric authorisation is becoming more common, but it’s still underpinned by the traditional password

Almost every day appears to be a ‘Day’ of some sort, but one you may have missed occurred on May 7th. ‘World Password Day’ is designed to remind us all of the importance of updating our important passwords on a regular basis. In a number of reports released to coincide with the annual event, McAfee1 revealed that the growth in remote working in the first three months of this year has resulted in many poor security practices as Remote Desktop Protocol (RDP) systems were brought online at speed amid the turmoil of the coronavirus pandemic. The company cites weak passwords as – still – the most common method by which attackers gain access, with P@ssw0rd, 123456 and NULL123 featuring strongly. Furthermore, most people hadn’t changed their passwords since their system was installed.

Weak passwords are vulnerable to so-called ‘brute force’ attacks, in which computers crunch thousands of potential passwords. They can largely be foiled by ‘three attempts’ limits common to many systems, or the much disliked (by users) ‘two stage authentication’ protocol. But an increasing risk is now recognised as coming from ‘insiders’, either deliberately leaking access information or using ‘shadow IT’, in which unauthorised devices, such as phone apps, compromise system security. The danger here is that, as a Cisco executive outlined at a recent IIC event, such breaches are commonly (and unacceptably) not detected for months, leaving hackers plenty of time to find and distribute all the information they want.

In theory, the answer to this should be to move to biometric access. This was announced last year by Microsoft, among others. The problem is that the current technologies, including fingerprint, voice, and facial recognition, are not always completely reliable and may themselves be vulnerable to mimicking. As a result, passwords are still commonly used as a ‘fall back’. In a recent survey by FindBiometrics2, cyber security insiders expressed a range of views on whether passwords could ever fully be replaced, but even the optimists – 59% – said that it could take up to a decade and nearly a quarter said ‘never’.

What’s clear is that passwords, along with our apparent inability to make them easy to remember and hard to guess, will be with us for several years yet. An equally safe prediction is that on 6th May 2021 – the next World Password day – P@ssw0rd and 123456 will still be top of the password charts.


1 https://www.infosecurity-magazine.com/news/criminals-exploiting-remote/
2 https://findbiometrics.com/year-in-review-2019-the-roundup-901149/

Biometric authorisation is becoming more common, but it’s still underpinned by the traditional password.

Theme:
Privacy, Safety, Security
Region:
Americas, Asia Pacific, Europe, Middle East & Africa
biometrics, cybersecurity, passwords Lynn Robinson Lynn Robinson Director General, International Institute of Communications
You may also like... Blog
Regulatory Watch – September 2024 25.09.2024
Blog
Comment: EU Court of Justice annulled the General Court’s judgment in the Three-O2 case – potential implications for in-market mobile consolidation 28.07.2023
Blog
Round-up of the latest industry news – June 2023 28.06.2023

Latest

Blog
Regulatory Watch – September 2024 25.09.2024
Article
Eden Tadesse 23.09.2024
Article
Lara Connaughton 09.09.2024
Article
Nadia Natasya Azizuddin 09.09.2024
View All
Back to the top

The IIC is the world's only policy debating platform for the converged communications industry

We give innovators and regulators a forum in which to explore, debate and agree the best policies and regulatory frameworks for widest societal benefit.

Insight: Exchange: Influence

We give members a voice through conferences, symposiums and private meetings, as well as broad exposure of their differing viewpoints through articles, reports and interviews.

The new website will make it easier for you to gather fresh insights, exchange views with others and have a voice in the debate

Take a look Learn more about our updates
Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The International Institute of Communications website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.