Do Passwords Have to be Such a Pain?

A Brief History of the Password:

Do you know when the word password was defined? No? Okay, let me tell you. In the early days of 1961, MIT, Bell Labs, and UNIX were developing a Compatible Time-Sharing System (CTSS) for multiple users. To keep everyone’s files private, they started thinking about a system that verifies that users are who they say they are, which led to the birth of authentication. The concept of the password was developed so that users could access their files for 4 hrs/week. Shocked, right? Yes, time was limited back in the 1960s.

At this stage, hackers were more interested in testing and exploring computer systems than in criminal activity.

How Do Hackers Steal Your Information?

One way or another, passwords are always in the news or on the internet. They’re either being stolen in data breaches or misused for being too simple. Of course, that omnipresence and simplicity are precisely what make passwords attractive to the so-called bad guys. Hackers use the following practices to steal our passwords. There are many, but we’ve listed a few that are very widely used:

  1. Credential Surfing
  2. Phishing
  3. Password Spraying
  4. Keylogging
  5. Brute Force
  6. Rainbow Table Attack

Why & What They Do with Our Information

If you think that hackers only attack big companies or big security organizations like the FBI or the Pentagon, as you might have seen in the movies, you're wrong! Why? They don't care who you are! Unlike in the movies, hackers do not only target the big giants; the main part of their hacking and exploitation is aimed at smaller companies or people like you & me! Hackers are ready to take advantage of any possible exploitation, regardless of your business or your personal fame. The reason varies depending on the hacker, but here are some examples of what motivates them:

  1. Monetary gain: they will search for your credit card info, username, passwords, high-security classified information, contact information, etc.
  2. Resources: Cybercriminals will leverage the server of a particular website to reach the level of impact they’re after, and in the end, you will be part of the big hack.
  3. To prove something: They want to prove or expose something to the world or to a particular organization, or to bring awareness to political or social issues.

Now you understand their motivation for this malicious activity, but I also see some lines on your face: you’re wondering what they do with the data. The answer to your question is the “DARK WEB” (the dark web is a part of the internet that isn't visible to search engines and requires the use of an incognito browser called “Tor” to be accessed).

Yes, you read that right! Your data is being sold on the dark web and in hacker forums too, at a very cheap price (for ex. 27 Apple accounts details for just $12).

Why Is It So Painful for Us & Companies?

It is the 21st century, and almost every age group owns a device: mobile phones, laptops, tablets, etc. Everyone uses them for different purposes, but to fulfill that purpose you have to go online. From downloading games to surfing the internet, almost everywhere you need a presence, which means your online identity! Online identity? Yes, you guessed it right, I am talking about user accounts on the internet.

How many online accounts do you have? C’mon, it’s the 21st century, and it’s likely at least a few dozen. Can you remember so many different passwords? Unlikely. 59% of internet users will use a handful or even one password for all these accounts. Password reuse isn’t great for security, however. Hackers often try your passwords against your other online accounts and try to take the information from those accounts as well. According to Hasso Plattner, 2.2 billion passwords are on the dark web for sale. Scary numbers, right? But yes, it is the truth!

I believe that "Compared to password reuse multiple times in the 21st century, writing down passwords is the lesser evil". Yes, it is true.

Even for companies, it becomes a headache. Maybe you’re surprised and wondering why. Companies have the money and a big team, so why should they suffer from headaches? They put all their resources into bringing in more customers and trying to retain them. But you know what? The sign-up & re-login page on your website can make you lose 20% to 60% of your customers. According to FIDO, ? of an online purchase is abandoned due to a forgotten password, and to reset it users contact your customer support, which costs you on average $70 for a single password reset.

Authentication Takes a Jump

In 1979, with a long vision, the National Bureau of Standards created the Data Encryption Standard (DES), which remained the standard for 20 years before a more advanced and efficient algorithm was adopted. Also in the 1980s, multifactor authentication (MFA) tokens appeared for the first time, mostly for use in nascent remote-access VPNs.

However, in the 90s, with the bang of the World Wide Web, people started using the internet regularly. To protect them, scientists worked on how to make passwords secure, and to do that computer science took a leaf from cryptology. In 1997, two Belgian scientists proposed the new Advanced Encryption Standard (AES), and it was so effective that it is still in use. In 2013, it was updated to a version that determined the user’s humanity through the click. It has more recently been updated to CAPTCHA, which utilizes behavior to determine humanity. Companies introduced biometric authentication techniques to authenticate users.

Passwordless Authentication?

Nowadays a new authentication system is taking hold: authentication without passwords, called “Passwordless Authentication”. It can be achieved through possession factors, and these factors could be a magic link, one-time password, registered device, biometric or hardware token. Instead of entering passwords, users enter their mobile number or email address, on which they receive either a magic link or an OTP. Sounds interesting, right?
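A minimal sketch of the magic-link flow described above, added here as an illustration and not Cryptr's implementation. The in-memory store, the 10-minute lifetime, the function names and the `app.example.test` URL are assumptions.

```python
import hashlib
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 600  # assumed lifetime: 10 minutes
# sha256(token) -> (email, expires_at); stands in for a database table
_pending = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_magic_link(email: str, now: Optional[float] = None) -> str:
    """Create a single-use login link for `email`; the caller mails it out."""
    now = time.time() if now is None else now
    # A new request invalidates any link still outstanding for this address.
    for stale in [h for h, (e, _) in _pending.items() if e == email]:
        del _pending[stale]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Only the hash is stored, so a leaked table cannot be replayed as links.
    _pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return f"https://app.example.test/login/verify?token={token}"


def redeem_magic_link(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the e-mail to log in, or None if unknown, already used or expired."""
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)  # pop makes the token single-use
    if entry is None:
        return None
    email, expires_at = entry
    if now > expires_at:
        return None
    return email
```

The link is only as strong as the mailbox it is sent to, so the short lifetime and single use are what limit the value of a forwarded or intercepted message.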

In Cryptr's opinion, this technology has certain benefits:

  1. It improves the user experience, because users don’t need to remember a password and can log in through a magic link or OTP from their phone, which gives people easy access to their data from anywhere at any time.
  2. Passwords are a major vulnerability, as users reuse passwords and sometimes share them with friends or family members. With this technology, users do not need to remember or share passwords, so it enhances security.
  3. It reduces the cost of ownership and generates more customer conversion and retention. Why, you ask? Because, as we mentioned earlier, people tend to forget their passwords, and managing passwords is expensive (for ex. implementing password complexity policies, password expiration, password reset processes, password hashing and storing, etc.); a single password reset can cost $70 on average. Plus, it can improve a company's marketing campaign.

Prominent firm Gartner predicted that “60% of global enterprises, and 90% of small-medium enterprises, will implement passwordless authentication methods in more than 50% use cases”.

Did you like this concept? What do you think its pros and cons are? Do let us know by commenting below, and follow Cryptr for more exciting news on passwordless technology.

Thank you so much for investing your time to read the article.

Take care of yourself & your family at this particular time. Good Bye!

#passwordless #authentication #startup #cybersecurity #innovation #userexperience #UX #hacking #google #cryptr #openIDConnect #microsoft #security #oauth2 #passwordpain #FIDO #userexperience #Cryptr

Sudip Raval

Circle Head PCG at Axis Securities Limited

4y

Quite informative

Suyash Kumar Dewangan

Product Manager | Ex-SAP | Ex-Accenture | Gen AI | Prompt Engineering | "In The Mission Of Building Next-Gen Customer Experiences"

4y

Insightful article, Devansh Acharya! Thanks for sharing this.

Antoine Claret

Agent immobilier chez AGENCE CLARET / VENTE - LOCATION - GESTION - VIAGER

4y

Great article! Thanks Devansh

Siddharth Tiwari

Senior Account Executive at Sparksense.co

4y

This is really insightful! Great writing
