Passwords are, for most of us, one of the first lines of cyber defense. Our social media profiles, online banking, computer, email, online shopping accounts and much more require passwords to access. And anyone with the password can gain access, pretty much instantly in most cases.
This means we rely on passwords very heavily. The trouble is, passwords are kind of a weak point when it comes to security. Nearly 19 percent of business passwords are thought to be ‘easily compromised’. This is a problem, because about approximately 81 percent of data breaches are the result of weak or stolen passwords.
We need to do something about this. But first, it’s necessary to look at why passwords are so unreliable, and the solutions we have right now.
The current issues
Passwords are ultimately the work of humans. They’re one part of security that is entirely dependent on the user, and humans are typically prone to error. Here are the three of the main mistakes people use when creating passwords:
- Keeping things too simple. People tend to use extremely simple, memorable passwords like ‘123456’ and ‘password’. These are easy to keep track of, but they’re also easy for hackers to decipher.
- Passwords aren’t cardboard boxes: recycling is definitely not encouraged. Still, far too many people use the same passwords again and again across multiple devices and accounts. That means if a hacker gets hold of one, they get several.
- Refusing to change. The ‘update your password’ notification is annoying, but it’s there for a reason. About 47 percent of people use passwords that are more than five years old — massively increasing their risk of being hacked.
All of these issues combine to make passwords less than ideal. However, that doesn’t change the fact that passwords are still a crucial part of security for businesses and individuals. In the past, it has proven impossible to find alternatives to passwords, so we’ve been stuck with the same flawed system.
To combat these issues and make passwords safer, a few options exist – like password management programs. But these have their own problems to work through.
Password managers: are they good enough?
Password managers are software that takes care of passwords so users don’t have to. They set complex, secure passwords and store them securely to reduce the risk of hacking.
This way, users can benefit from strong passwords for all their devices, without having to worry about remembering lots of different complex sequences of letters and numbers. Sounds like the perfect solution, right? Well, it’s certainly an improvement on ‘123456’ in the majority of cases. And a lot of the password management software out there can be reliable and safe.
Unfortunately, these services have their fair share of flaws. For example, a researcher at Google keeps finding flaws in the password manager Keeper. He brought attention to the issue (which makes it possible for hackers to steal information from users’ browsers) last year, and then found it was still a problem for similar reasons a year later.
This isn’t an isolated case, either. German researchers last year published a report showing flaws in nine big password managers. Many of the issues have since been addressed, but it doesn’t exactly fill users with hope.
All too often, password managers are prioritizing convenience and ease of use over security. Still, despite their faults password managers have always been the best option available to improve password security. But is that still the case?
Recently, we’ve seen some truly exciting new developments which could change the way passwords work forever — by removing them. It all comes down to blockchain technology.
Blockchain vs. passwords
Companies like REMME want to move away from relying on passwords. As we’ve seen, password technology is outdated, riddled with flaws, and puts individuals and businesses in danger.
It’s inadequate, and we need something completely new. Patches like password managers aren’t addressing the root of the issue.
REMME believes that blockchain offers a fresh alternative to passwords. Instead, their software issues an SSL/TSL certificate for every new device a user registers. This is stored safely on the blockchain, and functions as an alternative to a password.
Since blockchain is famously secure, anonymous, and corruption-resistant, the certificates are protected from hackers – far more so than passwords. The platform also allows users to rely on two-factor authentication linked to a messaging service of their choice.
This kind of approach doesn’t require users to set and memorize their own passwords. That way, human error is eliminated, and the platform instead uses a more secure and reliable blockchain-based system.
It’s becoming clearer all the time that passwords, and password managers, just aren’t up to the task of protecting us. A blockchain-based system could be the alternative we’ve been waiting for, and a step towards a more secure future.