Passwords over the years
Passwords have been the first step in securing your data for generations. However, for as long as passwords have been around, there have been criminals trying to steal them and access the data they protect. For this reason, passwords have undergone multiple evolutions over time.
In the early days, you may have kept a password in your head or on a Post-it. As time went on, the requirements for passwords became more robust, with alphanumeric and special character requirements becoming the norm. The next evolution in password technology came with multi-factor authentication, adding a new layer of protection from would-be hackers. As the name suggests, multi-factor authentication adds an additional layer of defense beyond a password, such as sending you a time-based one-time password via email or text, or verifying your identity via an authenticator app on a trusted device.
Even with all these advancements in password practices, passwords are still not a fully secure system. Those with complex passwords and multi-factor authentication are still susceptible to phishing or human error. According to the FIDO Alliance, up to 51% of passwords are reused, and over 80% of data breaches are carried out via stolen passwords. As we saw with the Colonial Pipeline attack in 2021, no company is too large or too secure to withstand a targeted attack.
The future of passwords
With all of this in mind, the next phase in password and data security is fast approaching. In a statement released in May of this year, Apple, Google, and Microsoft, in partnership with the aforementioned FIDO Alliance, announced the adoption and support of passwordless sign-in standards across all of their platforms. The purpose of these new standards is to eliminate end-user passwords and transition to a biometric-based authentication system. That means that instead of verifying your identity via a text, email, or authenticator app, websites in the future will verify your identity using your fingerprint or a face scan. And with these standards being adopted across all platforms, in the future you will be able to authenticate your Microsoft account via a trusted Apple device, or authenticate your Apple account via a trusted Microsoft device.
The overall goals of these new sign-in policies are to consolidate authentication methods into a biometric-based system and, most importantly, to phase out the user-generated, easy-to-guess passwords that can shut down any business if compromised.
With hundreds of technology companies adopting the FIDO Alliance standards, a passwordless future is approaching fast. Until that time comes, remember to maintain strict password policies in order to keep your business secure. For more security best practices, check out this guide from Computer Business Consultants for tips on how to protect against ransomware attacks.
Keeping up to date with developments in the cybersecurity world is something we are actively involved in at Computer Business Consultants. Maintaining a culture of cybersecurity to prevent attacks before they happen is of utmost importance for us and our clients.
Contact us for more information on how Computer Business Consultants can help keep your business secure.