Editor's note

August 2018

ISSUE 3

Cue forecasts that the end was nigh for passwords.
Passwords, we were told were broken. The average consumer had upwards of 20 passwords and millions of the passwords in regular use were very average.

Survey after survey reported with depressing regularity the unoriginal use of passwords such as 123456, qwerty and the most bonkers of all, the word password itself.

Estimates varied as to the percentage of data breaches resulting from weak or stolen passwords but figures as high as 60% or 70% were quoted.
The consumer press had great fun flagging up rankings of passwords lists of shame but to be fair, consumer behaviour provided plenty of ammunition.

There was also more than ample evidence to highlight the regularity with which consumers would contrive to forget their less than secure passwords.

And then there is the depressing wealth of data highlighting just how many consumers – anything from a third to one half – have never changed their passwords.

The ensuing debate about the pros and cons of competing forms of biometric security – fingerprints versus face technology and iris scans and heartbeat technology – has however been great fun to cover.

The only minor moan is that the debate seems to have been never-ending.

Old lags such as this writer have cuttings dating back to 2001; yes 2001, not a misprint on this very subject.

 I re-read an old article from 2001 the other day which kicked off with an apology to the reader, for revisiting the tired subject of passwords versus alternative, safer forms of security.

Jump forward a bit to 2008 and a strong piece in the New York Times forecast the death of passwords. In particular, it noted that Microsoft, Google and PayPal were blazing a trail in working together to adopt technology that would consign the password to history.

Much work remains to be done to shift consumer attitudes away from relying solely on passwords. There are however signs, belatedly, that our relationship with passwords as an online identity solution is changing.

A survey just published by Callsign reports that less than half of those polled in both the UK(45%) and US (44%) prefer using passwords and memorable information to access an online account.

Biometrics identification is a close second, with 32% of adults in the UK and 27% in the US preferring this method.

Behavioural identification, where a person’s typing rhythm, screen swipes or mouse movement is used, is a relatively nascent form of digital identification but finds favour with 6% of US respondents.

Traditional passwords are still favoured at work, reinforcing the fact that employees are often cited as the weakest link in corporate cybersecurity enforcement: knowledge-based identification was the most favoured by 56% of workers (58% in the UK and 51% in the US), while biometric methods were preferred by a mere 15% of workers.

TIPPING POINT

So are we reaching a tipping point for passwords with biometrics and behaviour based authentication on the rise?

As Verdict Payments goes to press comes news that streaming subscribers are costing service providers tens of millions by sharing passwords.

As many as 35% of US millennials are reportedly going to extreme lengths to share streaming passwords, in the process costing firms such as Netflix and HBO big bucks.

A crackdown on cable TV and streaming password sharing has been forecast for some time but has yet to gather pace.

If further evidence emerges of freeloaders sharing passwords to avoid paying for entertainment, we may just see another mail in the coffin for the password.

Douglas Blakey, Editor