This Week in Cyber: May 2nd – May 6th

Digital Security by Design

Every single one of us will likely accumulate hundreds of online accounts in our lifetime, each one storing our personal data and each requiring a password. Trying to remember them all, while ensuring they are unique, complex and long enough to mitigate the risk of exposure, is no easy task. And so, on the first Thursday of every May since 2013, the world is reminded to reinforce its password security practices. This year, World Password Day fell on the 5th of May.

But maybe it’s about time that we stopped relying on such a mechanism to keep our most sensitive documents and data safe.

Professor John Goodacre, director of the UKRI’s ‘Digital Security by Design’ challenge, and professor of computer architectures at the University of Manchester, offers his two cents on the annual password awareness day:

“Online passwords were introduced in 1961 by Corbató at MIT. By 1962, a student worked out he could get unauthorised access by stealing passwords. 

It’s been a never-ending fight to try to stop attackers breaking in through the front door with an unauthorised use of a password, or through a backdoor using a vulnerability exploit. How many more World Password Days are we going to need? Hopefully, not many. 

Whether from guessing a password or watching for one to be entered or on traveling across the internet, passwords are increasingly known to be an unsafe mechanism to lock the front door. Adding a second lock on the door using two factor makes it more difficult to get in for the attacker, but also unfortunately, for the owner. Thankfully, various password-less schemes that recognise the identity of who is trying to gain access remove the risks and inconvenience of passwords.”

In fact, tech giants Apple, Google and Microsoft have come together this year to boost support for passwordless logins on mobile, desktop and browsers. In other words, passwordless authentication will be available across major platforms including Android and iOS mobile operating systems, Chrome and Safari browsers as well as Windows and macOS desktops. 

According to the announcement, the partnership will allow users to automatically access their FIDO sign-in credentials, also known as a “passkey”, on many of their devices without having to re-enroll every account. Moreover, users will be able to use FIDO authentication on their mobile phones to sign in to an app or website on a nearby device, no matter the OS platform or browser it is running on.  

As Professor Goodacre concludes, “hopefully, this will give the World Password Day a happy retirement – they’ve worked a long and hard career.”

 



Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.