Ready to go passwordless?

While some experts believe we should ditch passwords altogether as we seem to be unable to make them sufficiently secure, there is still plenty of advice on how to set up and manage strong, secure passwords. Here’s what you should know about passwords, password managers, multi-factor authentication, biometrics and going passwordless.

“Password” still one of the most used passwords

Unbelievably, people are still lacking in their efforts to use strong passwords, despite the increasing prevalence of cyberattacks by hackers to steal personal data and assets. The passwords “password” and “qwerty” are still among the most commonly used globally. Furthermore, data has revealed that even CEOs of corporations are known to be using “12345”.

And, even more unbelievably, people are using these simple, hackable passwords across many accounts, despite the well-known risks. If this is you, then you’re reading the right blog!

921 password attacks every second

Hackers routinely scan social media for personal information, such as children’s and parents’ names, birthdays, favourite holiday destinations, etc., to gather material for potentially cracking people’s passwords and hijacking accounts.

According to 2022 authentication log data from Microsoft Azure Active Directory, there are 921 password attacks every second, double the frequency of 12 months ago.

Using a password manager

If you’re not using a password manager by now, then you really should be. It’s not the complete answer to online security, but nothing is, and most cybersecurity experts agree that password managers are the most secure way of storing passwords.

You will still need to remember a master password, but a password manager, particularly one that generates unique passwords for you, can make your login life a whole lot easier, and increase your security.

Microsoft Edge and Microsoft Authenticator can create (and remember) strong passwords using Password Generator, and then automatically fill them in when accessing your accounts.

Are password managers safe?

A good password manager encrypts passwords, often before they leave your device, so that they are virtually uncrackable, and uses a ‘zero-knowledge’ architecture so that even the provider is unable to decipher them. That’s not to say that password managers do not suffer breaches (they sometimes do), but that should not put you off utilising this extra layer of security.

Some password managers will prompt you to change passwords and even scan the dark web to check your passwords are not being used.

You’ll need multi-factor authentication too, preferably with biometrics

We are using multi-factor authentication more and more in an attempt to keep hackers at bay, with our devices increasingly set up with biometric readers that let us open them, and applications, by presenting a fingerprint, our face, or even the iris of our eye.

The use of biometrics for two- or multi-factor authentication is generally accepted to be highly secure, since our biometric information is unique and only accessible by us; however, there are still vulnerabilities in the use of biometrics. Apple report that the chance of someone unlocking your phone with Face ID is less than one in a million, although their test conditions may not replicate real life. The security measure of enforcing password use after a number of failed Face ID attempts is a fallback against this vulnerability to a brute-force attack.

Going passwordless

In 2021, Microsoft announced you could free yourself from the burden of passwords by going entirely passwordless in accessing your Microsoft accounts.

By using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email, you never need to remember a password or use a password manager.

But it’s not compulsory to go passwordless. You can turn the passwordless account setting on or off as you like.

If you’re not ready to go passwordless just yet, you should, at the very least, be using a well-known, reputable password manager, as well as enabling multi-factor authentication where you can, using either biometrics or textable/emailable codes.

Goodbye “password”

There really is no excuse for having to remember passwords these days with password generators and managers to help. And it’s certainly time to say a final goodbye to “password”, “qwerty” and “12345”.
