Forget password security: It’s time to stop using passwords altogether. (Source: Shutterstock)

“How secure is my password?” Don’t worry — Just stop using passwords

  • “How secure is my password?” Soon, it won’t matter at all.
  • The future lies in ditching passwords for more secure and user-friendly authentication methods.
  • The move toward passwordless options like biometrics and passkeys could redefine online security.

Digital access forms the backbone of our daily activity – the methods we use to verify our identities online are under more scrutiny than ever. From personal banking to workplace data, streaming entertainment, social media interactions, and operating smart home devices, the need for robust, user-friendly authentication is paramount.

Yet, despite technological advancements, the reliance on traditional password systems persists, raising concerns over security and convenience in the digital realm. The FIDO Alliance has released its third annual Online Authentication Barometer, surveying the current landscape of digital authentication in ten nations worldwide, with a focus on the Asia-Pacific nations including Australia, Singapore, Japan, South Korea, India, and China. The findings underscore an urgent call to action for improved security measures, resonating with alarming cybersecurity breaches of the past and emphasizing the growing consumer inclination towards more advanced authentication methods like biometrics.

The paradox of passwords: ‘How secure is my password?’ vs. consumer preferences

The 2023 report from the Online Authentication Barometer revealed a persistent reliance on passwords, even though users show a preference for more secure and convenient alternatives. The most frequent authentication strategy among APAC users involves manually typing a password without any supplementary security measures, spanning various applications like financial services (33%), workplace systems (39%), streaming platforms (27%), social media (30%), and intelligent home gadgets (19%). On average, users find themselves inputting passwords manually almost four times daily, which equates to roughly 1,200 instances annually.

This trend is alarming, particularly when recalling past cybersecurity incidents, such as the infamous Sony Pictures hack, perpetrated by individuals who called themselves the “Guardians of Peace.” This breach was monumental, with the intruders pilfering an extensive array of confidential data, encompassing Sony Pictures employees’ personal data, internal communications, executive salary details, unreleased films, and other classified material.

A significant lapse in Sony’s security measures was the improper safeguarding of password data. The leaked data included a file conspicuously labeled “Passwords,” storing numerous login credentials for various systems and accounts, all unencrypted and in plain view, thus easily exploited by the intruders post-breach.

Additionally, the hackers employed highly convincing phishing schemes, deceiving employees into surrendering their access details. Possessing these login details allowed the attackers not just to enter the network, but also to navigate through it unhindered due to the absence of stringent multi-factor authentication measures, eventually gaining access to restricted, sensitive data.

In light of this, the persistence of manual password entry is curious given the growing appeal of biometric verification. Survey participants rated biometrics as both the most secure form of authentication and their preferred method. This preference is most pronounced in Singapore, where 35% regard biometrics as the most secure, and 41% favor it over other methods. These statistics imply a strong consumer inclination towards biometric systems, although the means to utilize them seem to be lacking currently.

Entering a password manually without any form of additional authentication. (Source: FIDO Alliance)

The question then becomes: if biometrics are so secure and so popular, why are we all still asking “How secure is my password?” Why is traditional password etiquette taking forever to die off in the face of better, safer, and preferred options?

According to Andrew Shikiar, Executive Director at FIDO Alliance, consumers in Asia-Pacific are increasingly interested in adopting more robust authentication methods, with biometrics emerging as a favored choice.

“This year’s Barometer data supports this trend by showing that APAC consumers are on par with other regions globally in looking to reduce their reliance on legacy authentication methods. Nonetheless, the persistently high password usage without 2FA is a concern, highlighting how little consumers are offered alternatives like biometrics, resulting in lingering usage,” Shikiar added.

AI: The double-edged sword in online scams

This year’s survey additionally delved into users’ perceptions of online threats and deceptive activities. In the APAC region, 58% of individuals reported an uptick in dubious communications and fraudulent schemes online, and 56% acknowledged these scams’ escalating complexity. Indian consumers noticed this surge most significantly, with 75% observing an increase in deceptive activities and 74% noting their enhanced sophistication.

These threats arrive mainly through email, text messages, social media platforms, and counterfeit calls or voice messages. The proliferation of advanced, readily accessible AI tools likely propels this surge in scams and phishing attempts.

Cybercriminals are using tools like FraudGPT and WormGPT, specifically designed and distributed via the dark web for criminal activities, which simplify the creation of convincing and complex social engineering schemes. Moreover, deepfake technologies for voice and video are increasingly used to strengthen these attacks, fooling individuals into believing they are interacting with a familiar, trusted contact.

Passkeys: The dawn of passwordless authentication

Despite their relatively recent introduction, passkeys — a secure, passwordless option for logging into online services — have seen growing recognition among APAC consumers, with awareness jumping from 41% in 2022 to 58% today. This authentication strategy, impervious to phishing, has garnered support from major industry names. For instance, Google has made passkeys available to its user base, encouraging a shift away from traditional passwords and two-factor authentication, a move mirrored by Apple and other significant entities like PayPal within the past year.

The repercussions of outdated login methods are intensifying for both enterprises and individual users.

The survey revealed a worsening negative impact from traditional user authentication processes. Around 62% of individuals have opted out of using an online service, and 45% have forsaken an online purchase in the preceding 60 days. The regularity of such occurrences has escalated annually, now reaching an average of nearly four times monthly for each individual, marking approximately an 8% increase on the previous year. These subpar online interactions are not just frustrating customers, but also adversely affecting companies’ financial performance.

On a global scale, the inconvenience of passwords is further underlined by the fact that 70% of individuals have had to undertake password recovery or reset processes in the last two months, having forgotten their credentials. This statistic underscores the inherent inconvenience of password systems and their contribution to obstructing a fluid, user-friendly online experience.

Moving on from passwords, the Google way.