They’re so ingrained into our everyday lives that most of us never question them. But there’s no doubt that passwords are a pain in the proverbial. There’s nothing worse than wanting to access one of your accounts in a hurry (it’s always in a hurry, right?), only for your password not to work, and then having to go through the rigmarole of changing it for the ten millionth time. Your user experience is shot, you’re frustrated, and worst of all, you could be putting your data security at risk.
You’d have thought with all the amazing technology at our disposal, more companies would have done away with passwords by now. So, will we ever see the back of them?!
At the moment, there's no single 'silver bullet' to replace or strengthen password authentication across the board. And where more advanced authentication is available, there’s sometimes a reluctance to introduce it due to the impact on customer experience, the complexity of implementation and maintenance, and therefore the ROI of doing so.
So what options are currently out there?
One of the best ways of bolstering password security is 2-Factor (2FA) or Multi-Factor Authentication (MFA), which requires you to pass an additional check alongside your usual secret word. By asking you to provide increasingly granular personal information to prove you are who you say you are, it makes accounts significantly more difficult for hackers to break into. So, you should always enable it where you can.
Mobile link ups
Text message-based two-factor authentication has become very popular in recent years. However, while it is convenient and superficially useful, it actually isn’t especially secure given the ease with which mobile numbers can be ported to another device. Yubico’s YubiKey is a good alternative, using a secure offline ‘key’ for identification purposes, as is Google's new entrant (in partnership with Yubico), Titan Key. Google claim to "have had no reported or confirmed account takeovers due to password phishing since we began requiring security keys as a second factor for our employees".
The most UX-friendly option has to be biometrics (fingerprint analysis, face recognition, iris scanning etc.), so you physically ARE your password. These can also operate alongside behavioural analytics conducted by the organisation, to provide a 'confidence rating' that you (and not a bot) are accessing the service. Having said that, whilst biometrics instinctively feels like the panacea for secure authentication, the challenge is that the ID information is still stored as digital bits and bytes – which can get stolen like any password. If that data is captured during a ‘hack’ then it’s pretty tricky to change your DNA, fingerprint or iris further down the line!
While passwords don’t look like they’re going anywhere anytime soon, the perfect solution right now is to use a password manager. By creating and storing super secure passwords for you, and then automatically entering them when required, they are a great way of combatting password panic. You can also use handy password changer tools, which allow you to update all your passwords in one click.
So, in conclusion, it looks like we’re all going to have to put up with passwords for a fair while longer – sorry about that. But that doesn’t mean there aren’t numerous ways of making them less of a hassle and more secure for you and your team. Our recommendation: enable two-factor verification wherever you can, and get that password manager installed sharpish!