By Andrew Shikiar, Executive Director, FIDO Alliance
This World Password Day presents an opportune moment for us to reflect on the fact that this outdated method of user authentication still underpins the bulk of today’s networked society. It also reminds us that we need to take concrete steps now to build a future digital landscape that offers greater security and convenience.
For years, leading cybersecurity experts have warned of the vulnerabilities of passwords, some even go as far as to call them ‘the weakest link in cybersecurity today’. At the root of the problem is the fact that knowledge-based credentials such as passwords and OTPs are human-readable and can be pried out of users’ hands and/or stolen from corporate databases by enterprising hackers.
Weak or compromised passwords are responsible for over 80% of data breaches. It is no surprise, considering that 53% of people reuse the same password for multiple accounts. Poor cybersecurity hygiene practices like these expose users to multiple attacks, as one compromised password can open the door for other accounts to get hacked. Legacy forms of two-factor authentication like SMS OTPs are better than a password alone, but are also susceptible to hackers who can use SIM swapping or other techniques to intercept and relay the “secure” passcode to take over the intended recipient’s account.
Even the savviest of users can fall victim to password attacks. Think phishing, credential stuffing and man-in-the-middle attacks. Cybercriminals often leverage social engineering techniques to deceive individuals into taking the desired action – including clicking on a link or unknowingly submitting their credentials via a fake website – to steal their passwords. These techniques prey on people’s intrinsic, emotional reactions and push them to bypass logic and overlook red flags. As such, it is unfair to expect users to become cybersecurity experts in order to protect themselves.
As cyberattacks in Asia Pacific continue to rise, organisations have a responsibility to ditch the password and adopt cryptographically secure, possession-based authentication. At FIDO Alliance, we are working closely with technology providers, governments and enterprises worldwide to make a passwordless future a reality – one that is not only more secure, but that is also more convenient. With FIDO’s authentication standards already available on over 4 billion devices and supported natively across major browsers and platforms, we believe it is only a matter of time before the world’s dependence on passwords becomes a thing of the past.
