Is Your Password Really Dead?
Amit Gupta
Digital Channels | Technology Management | Corporate Banking | Core Banking System | Credit | Lending | Treasury | Risk
You may be surprised to learn that almost two decades ago, in 2004, Bill Gates predicted the death of passwords during a talk at the RSA Security conference. There have been similar talks on this topic, but the fact is that passwords are still very much a part of our daily technology experience. The number of passwords each of us manages just keeps increasing with every signup.
Issues with Passwords
· Passwords suffer from several problems: they can be shared, they can be stolen, they can be guessed, they are difficult to remember, and forgetting them can be frustrating.
· Effective passwords often require human effort that many users can’t or simply won’t take the time to make.
· The use of stolen credentials in social engineering breaches is the most common action by hackers.
· A common practice in the hacker world is reusing account credentials collected during past data breaches. When the same email/username and password combination is used across several personal and work accounts, the hackers already have it in their database. But the issue also is: why create unique passwords when you're not sure you'll remember them?
· Organisations and websites had to come up with password policies to ensure that the passwords chosen have a minimum strength, but this has a huge drawback: it puts the burden of choosing a password conforming to the policy on the end users.
Passwords have served us well for a long time, but in the face of evolving cyber threats
What is Trending
· Multi-factor authentication
· Password manager
· Passkeys: A passkey lets you sign in to your accounts using the same method that unlocks your device, such as a PIN or biometrics like finger or face prints. The main advantage is that these methods are phishing-resistant, because a hacker needs your actual device, not just your password, to break in, and it is password-less. Fast Identity Online, popularly known as FIDO, is a set of technology-agnostic security specifications for strong authentication developed by an alliance of Amazon, Apple, Google, Microsoft, Visa and many other large corporations. This alliance has been working on secure authentication
Depicted simplistically (in the diagram below): during a registration ceremony, an authenticator provides a public key to an IT system, while the corresponding private key exists only on the authenticator. The IT system or application can then issue challenges, encrypted with the public key, to a user. If the user is able to use their private key to decrypt the challenge, they are authenticated into the application.
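The registration and challenge steps above, as an added Node.js example that is not part of the original article. In FIDO2/WebAuthn the challenge is a random value that the authenticator signs with its private key and the server verifies with the stored public key, and the signed data includes the site origin, which is where the phishing resistance comes from. The class names, origins and user name are constructed, and the message format is simplified from real WebAuthn.

```javascript
// Simplified passkey ceremony; the message format is NOT real WebAuthn encoding.
const nodeCrypto = require('node:crypto');
const RP_ORIGIN = 'https://bank.example'; // constructed relying-party origin

// Authenticator (the user's device): the private key never leaves it.
class Authenticator {
  register() {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.privateKey = privateKey;
    return publicKey; // only the public key goes to the server
  }
  // The browser, not the web page, supplies the origin that is asking.
  getAssertion(challenge, origin) {
    const clientData = JSON.stringify({ challenge, origin });
    const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), this.privateKey);
    return { clientData, signature };
  }
}

// Relying party (the server): stores public keys and one-time challenges.
class RelyingParty {
  constructor() { this.keys = new Map(); this.pending = new Set(); }
  enroll(user, publicKey) { this.keys.set(user, publicKey); }
  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const key = this.keys.get(user);
    if (!key) return 'unknown-user';
    if (!nodeCrypto.verify('sha256', Buffer.from(clientData), key, signature)) return 'bad-signature';
    const { challenge, origin } = JSON.parse(clientData);
    if (origin !== RP_ORIGIN) return 'wrong-origin'; // signed for another site
    if (!this.pending.delete(challenge)) return 'stale-challenge'; // replayed or unknown
    return 'ok';
  }
}

function demo() {
  const device = new Authenticator();
  const rp = new RelyingParty();
  rp.enroll('alice', device.register());
  const good = device.getAssertion(rp.newChallenge(), RP_ORIGIN);
  const first = rp.verify('alice', good);
  const replay = rp.verify('alice', good);
  const lookalike = rp.verify('alice', device.getAssertion(rp.newChallenge(), 'https://bank-login.example'));
  const tampered = rp.verify('alice', { ...good, clientData: good.clientData.replace('bank', 'b4nk') });
  return { first, replay, lookalike, tampered };
}
```

Calling `demo()` returns the server's verdict for a genuine login, a replay of the same response, a response produced for a look-alike origin, and a response whose signed data was altered in transit.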
How Long will Passwords Survive
Passwords are going to stay for some more years at least, because of the perceived convenience and the fact that a lot needs to be done in the software world to move completely to password-less authentication. However, for all sensitive operations passwords will be complemented by multi-factor authentication, and this has already happened for most financial applications. With time, as more and more services of the physical world become completely digital, passkeys shall overtake passwords. More and more devices and software will support passkeys or possession-based authentication, it will become the de facto standard, and people will find it much easier to use passkeys than to remember passwords. That’s at least what I think, what do you think?
VP@KMBL | 21k+ LinkedIn Family | 2.7M+ Impressions | LinkedIn Top Voice | Growth Mindset
5 months ago
Very informative Amit Gupta
Chartered Accountant | Senior Vice President : User Solutions Group at HDFC Bank | HDFC Ltd Alumni | Mortgages | Business Analyst | Data Integrator | Process Designer | Business Continuity | MIS | SQL | Ind-AS IFRS
5 months ago
Insightful article. One quick thought that comes to mind is the concentration of the apps and the keys in the device in a passwordless world. The potential risk of losing the device and the risk mitigation factors need to be thought through and addressed more proactively.