
The Intivix Blog


Why Is Passwordless Access A Good Thing?

Another account…another new, unique, hard-to-crack, extra-long (make sure you include numbers and symbols, and turn it into a passphrase) password. And make sure you aren’t re-using any piece of any other password that you’ve created. Oh, and make sure you can remember it!


Ugh! The amount of thought that needs to go into a password is tiring, stressful and at times frustrating. Because guess what, in some cases, you may need to come up with a new one in 60 days for that same account. It feels like a never-ending cycle (mostly because it is).

And to top it off, passwords can still be hacked, and can give hackers access to your accounts and organizations.

According to the Verizon 2021 Data Breach Investigations Report, 61% of breaches are attributed to leveraged credentials (i.e., login information like passwords).

How Passwords can turn into a Breach

But how can passwords that presumably only the owner knows turn into a breach? A few ways:

  • Passwords are weak, or passwords follow a pattern that you might think is clever and hard to crack, but it’s not.
  • Phishing scams lure people into sharing their passwords, or typing them into a spoofed website.
  • Passwords leverage personal information, like a pet’s name – personal information is on your social media accounts, and can uncover your password.
  • Automated password spraying (yep, sounds weird) allows a hacker to quickly and automatically try multiple password options in rapid succession.

Couple all of this with the fact that the attack surface for a hacker has grown exponentially since the transition to remote work, and you pretty much have a hacker’s dreamland.
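As an added illustration (not part of the original article), here is how a defender might spot the automated attempts from the list above in sign-in logs: one source failing against many different accounts within a short window. The log format, thresholds and function names are assumptions made for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in log: timestamp, source IP, account, result.
# Addresses are from documentation ranges; none of this is real data.
SAMPLE_LOG = """\
2021-10-04T09:00:01 203.0.113.7 alice FAIL
2021-10-04T09:00:02 203.0.113.7 bob FAIL
2021-10-04T09:00:03 203.0.113.7 carol FAIL
2021-10-04T09:00:04 203.0.113.7 dave FAIL
2021-10-04T09:00:05 203.0.113.7 erin FAIL
2021-10-04T09:00:30 198.51.100.20 frank FAIL
2021-10-04T09:01:10 198.51.100.20 frank FAIL
2021-10-04T09:02:00 198.51.100.20 frank OK
2021-10-04T09:03:00 203.0.113.7 erin OK
"""

def parse(log_text):
    """Yield (time, ip, account, ok) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, account, result = parts
        yield datetime.fromisoformat(ts), ip, account, result == "OK"

def detect_spraying(log_text, window=timedelta(minutes=1), min_accounts=5):
    """Return {ip: accounts} for sources whose failed sign-ins hit at least
    min_accounts distinct accounts within one sliding window.
    Assumes the log is already in time order."""
    recent = defaultdict(deque)  # ip -> recent (time, account) failures
    flagged = {}
    for when, ip, account, ok in parse(log_text):
        if ok:
            continue
        q = recent[ip]
        q.append((when, account))
        while when - q[0][0] > window:
            q.popleft()  # drop failures older than the window
        accounts = {a for _, a in q}
        if len(accounts) >= min_accounts:
            flagged.setdefault(ip, set()).update(accounts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

def successes_from_flagged(log_text, **kwargs):
    """Accounts with a successful sign-in from a flagged source."""
    flagged = detect_spraying(log_text, **kwargs)
    return sorted({acct for _, ip, acct, ok in parse(log_text)
                   if ok and ip in flagged})
```

A user mistyping their own password a couple of times (the `frank` lines) touches only one account and is not flagged; any account returned by `successes_from_flagged` is a candidate for an immediate password change.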

According to Microsoft, 579 password attacks take place every second. That equals 18 billion attacks in one year.

But some companies have been taking note. Microsoft, for example, has recently launched a passwordless account option for its users. It started as a corporate initiative and recently rolled out to the general public. Instead of using a password to access their services, users are able to sign in using one of four methods:

  • Microsoft Authenticator app, which produces a unique numbered login every couple of seconds.
  • Windows Hello, which uses facial recognition, a fingerprint or a unique PIN to log in.
  • External security key, which is like a USB drive with stored login information.
  • A registered phone number, which will receive a verification code from Microsoft when logging in.

Options that focus on Cybersecurity

That’s four options that focus on cybersecurity while taking the headache, and the potential access point, of a password out of the equation. And it’s pretty easy to make the switch:

  • Ensure you have the Microsoft Authenticator app installed on your phone, and that it is linked to your account.
  • Visit accounts.microsoft.com and log in to your account.
  • Go to Security > Advanced security options. Scroll down to the Additional security section.
  • Turn on the Passwordless account option. Follow the on-screen steps.

And, while Microsoft seems to be the early adopter when it comes to passwordless access, it is expected that Google and Apple will follow a similar path (they’ve already started down this path with authentication via other devices).

So, should you scrap all of the passwords that you’ve created over the years? Not quite yet. While some organizations are transitioning to passwordless entry, it will take time for others to fully vet and adopt similar points of access.


Best Practices for Creating Unique Passwords

Which means we still need to be hyper-sensitive when it comes to creating unique passwords, and follow a few key best practices:

  • Create a long password
  • Include a combination of upper and lowercase letters, numbers and symbols
  • Use a passphrase (combination of words that create an odd phrase)
  • Create different passwords for each of your accounts (do not re-use passwords)
  • Use words and phrases that are not personal (skip the pet names, kid names, birthdates, etc.)
  • Keep them secret (i.e., don’t share your passwords with others)
  • If you think you’ve been compromised, change your password immediately

A passwordless future seems to be on the horizon. And, based on what we know about how passwords can be easily hacked, we think it’s a welcome and necessary change. Anything that makes a hacker’s life more difficult is a good thing.
