Blog
What is Passwork?
By Iliya Garakh, CTO in Security

The future of password security

Whenever the word ‘cybersecurity’ appears, the word ‘password’ springs to mind in parallel. People use them everywhere, from mobile phone locks to the protection of personal and state data stored on individual devices or websites. Everyone knows that a strong and secure password is able to save our sensitive information, however, cybercriminals have invented a huge variety of methods to hack our passwords in order to compromise us. So, modern problems require modern solutions. Now, there are a lot of alternative ways to protect access to personal data. The usual passwords are replaced by multi-layer authentication or just more progressive technologies. These are fingerprints and face recognition functions, keychains, and password vaults. But what is the future of passwords? Will they become an outdated option or stay a necessary part of access.

Why are passwords considered weak?

With the growth of cybercrime, the requirements for passwords are increasing. The first passwords consisted of short, easily-memorized word or numeral combinations, but they were too easy to crack. Now, passwords are sophisticated alpha-numeral combinations, sometimes too long to remember. Nevertheless, it is still possible for hackers to find the solution and get access to your account. Passwords are usually based on some common information like a date of birth, the name of a child, or a home pet, which implies that hackers are able to find out what it is if they have enough time. The other reason why passwords become targets is the fact that they provide unrestricted access to your account. Moreover, many people use the same or similar passwords for many different accounts, so they simplify the process of collecting their sensitive data from multiple sources. Of course, using the same password for every account mitigates the risk of forgetting the password, but reusing the combination is quite risky. Users are sure that they won’t be hacked as the data they store is not valuable enough to be stolen, but it’s a common mistake as almost everyone can be compromised or fall victim to a bot attack that is aimed at spreading spam or malicious links. So, the best way to protect your privacy is not to reuse the same password and exploit multi-layer authentication for your accounts.

The anti-password movement

This movement was established as soon as people understood that usual passwords are more vulnerable than they should be. Passwords are inconvenient and provide multiple avenues for fraudsters to obtain your data and profit from it. The most typical method for hackers to profit from this data is to sell it on the dark web for fast cash. Advanced attacks on logins have been known to shut down entire corporations or launch ransomware campaigns. Credential stuffing is the most well-known form of password hacking, it is based on the reusing of the same password for multiple accounts, pairing it with different email addresses or logins. It is usually aimed at taking over as much information from corporate accounts as possible. Thus, internet users realized that passwords are not the most powerful protection that can be exploited for security goals. So, what was made in addition to, or in place of, the password?

Multi-factor authentication

Single-factor authentication refers to the requirement of only one password to access an account. This method of protection has been used for a long time, but now it’s obsolete. The new practice in authentication is multi-factor access which requires passing two or more layers of authentication before accessing an account. The possible steps of this sophisticated technology could be the PIN code, the server-generated one-time code sent to your email address or mobile phone, or even fingerprints and face recognition.

It makes access more complicated but also serves as an additional barrier to compromise attempts and data thieves. This motivates them to move on to more straightforward targets. While it isn't infallible, it does dissuade attackers from trying anything else, potentially rescuing you from disaster.

Another successful way of protection is the passphrase that is used instead of common password combinations. It is represented as the meaningful or meaningless word combination consisting of up to 100 words. It seems to be hard to remember a long phrase, but it is much easier than remembering alpha-numeric combinations including substitution, capitalization, and different numbers. Hackers will find it incredibly difficult to break into a system since passwords are several words long and can contain an endless number of word combinations. Another good thing about such protection is the lack of necessity to install the special apps or systems required to use this technique. It can be applied to every account without special password character limits.

Is the password dead?

The first hacking attacks were conducted as early as the 80s. Regardless of this, people still use passwords as the main protection force for their private information. So, why can’t we replace it with more modern and convenient technologies?

First of all, it’s related to the ease of creating passwords. The password is generated by the user himself, so there’s no need to create and exploit special services that would be able to provide protection for the account on the user’s behalf. Another point is the privacy of users. The password is one of the more private ways of authentication as it doesn’t require any personal information, it can be a random combination of numbers and lack sense, unlike methods such as biomedical data access, which is connected with personal information that could get out into cyberspace. The last but not the least important point lies in the simplicity of replacing passwords. It can be useful in the event of a major data breach, as it’s easier to change the password than the biomedical options that are used for fingerprints or face recognition.

Conclusion

So what will be the future of passwords? Passwords will definitely be used as one layer of a multi-factor security system for the next few years as there are still no more useful options for saving our privacy than passwords. People are continuing to look for the perfect method of protection, so maybe in a few years, something will finally appear and the world will be able to say goodbye to long sophisticated passwords. Some services have already turned to new systems of access, like one-time codes or fingerprints, but there is still a possibility of being hacked. Indeed, users still believe that a multi-layer system of protection is more convenient than any possible alternative.

A self-hosted password manager for your business

Passwork provides an advantage of effective teamwork with corporate passwords in a totally safe environment

Learn more