Will we see the end of text-based passwords?

Will we see the end of text-based passwords?

The drive to digital has made us all susceptible to new security risks as cybercriminals look to capitalise on the situation. 2019 was a record-breaking year for the number of breaches resulting in exposed records, and the recent cyberattacks to multinational companies including Kylie Cosmetics and Blackbaud suggest this is a trend which is here to stay.

Recent lockdown announcements mean it’s likely that widespread remote work will continue to be the norm for the foreseeable future. With so many of us connecting to home WiFi connections and using personal devices for work, workplace security risks have never been higher. It’s therefore crucial that employees are protected from groups looking to take advantage of the crisis – and this calls for a shift in the way organisations approach authentication.

Revisiting approaches to authentication

Under current circumstances, improving enterprise security is mission critical. Our recent research revealed just 18% of businesses say their current security solution is fully secure. The most likely causes of potential threats are human behaviours and, with 92% of Brits admitting to password reuse at home and at work even amid a rising number of data breaches, it’s easy to see why. The amount of time that IT and security teams spend managing users’ password and log in information has increased 25% since 2019.

These contrasting figures paint a picture of a complex security landscape, and clearly something needs to be done before it’s too late. With 85% of IT and security professionals agreeing that organisations must reduce the number of passwords being used on a daily basis, does this mean the end of the humble password?

The future is bright for biometrics

Biometrics has emerged as a key contender in the future of authentication. Biometric authentication relies on the biological characteristics of an individual to verify they are who they say they are. Common types include fingerprint scanners, facial recognition, voice identification and eye scanners, and its increased use is being driven by convenience and a reliance on hard-to-fake individual biological traits.

Formerly seen as a staple in every spy movie, biometric authentication is now an accepted part of the security landscape. And its use is on the rise, with 65% of consumers trusting fingerprint or facial recognition over traditional text-based passwords. This increasing comfort is likely down to frequent use of mobile devices and paints a picture of a changing tide in consumer security approaches.

But that’s not to say text-based passwords will disappear completely. While biometrics help to overcome the problem of users forgetting login credentials, it should be seen as more of a validation technique rather than an access method.

Passwordless authentication as a solution

When used properly, text-based passwords are more than effective as a secure means of authentication. Passwords have always been the foundation of authentication and there’s no reason why this shouldn’t continue. However, they should be used in conjunction with additional solutions to cancel out the risk of poor security practices.

Here, there are varying ways organisations can bolster passwords to strengthen their security infrastructure. Passwordless authentication, for example, enables users to login to devices and applications without the need to type in a password, streamlining the experience while still maintaining high levels of security.

Biometric authentication, single sign-on (SSO) and federated identity all serve as cornerstones of passwordless authentication technologies, but none of them will directly replace passwords. Instead, passwords will continue to be used in some way throughout the business and will need to be managed securely and efficiently. It’s therefore critical that, alongside the implementation of a passwordless authentication model, a simple and efficient password management solution is put in place.

Making passwords more secure

 As our personal devices continue to bring biometrics into our everyday lives, it’s hardly surprising that people see it as the future of authentication. However, text-based passwords are more than capable of being a means of securing our information. The problems arise when individual password hygiene and security behaviour slip, putting organisations at risk in the process.

 We’re unlikely to see the number of data breaches decline in the near future, and the reality is that password reuse will remain a fatal flaw leading to an attack. Organisations must put the focus on security awareness and fight back against the mentality of not being a risk. Beyond this, businesses can bolster themselves with enterprise tools to keep hackers at bay. Here, passwordless provides organisations with a highly intuitive and secure method of authentication –  ultimately helping to make employees’ lives easier while improving security in a turbulent landscape.


By Barry McMahon, Senior Manager of Identity and Access Management, LastPass by LogMeIn

Copyright Lyonsdown Limited 2021

Top Articles

Is your security in need of an update this Cybersecurity Awareness month?

Cyber security experts tell teiss about the evolving threat landscape and how organisations can bolster their cyber security defenses

A new case for end-to-end encryption

How a hacker group got hold of calling records and text messages deploying highly sophisticated tools that show signs of originating in China

Telcos in Europe put muscle behind firewalls as SMS grows

Messaging is set to be one of the biggest traffic sources for telcos worldwide prompting them to protect loss of revenue to Grey Route practices 

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]