Passwords have been a primary authentication method for too long. It’s time to recognise their significant disadvantages. Even in the early days of computing, passwords did not work well. The suggested solution: A World Password Day. Here’s what you must know about it, why we think it isn’t good for you and what we suggest instead.
What is World Password Day?
It all began in 2005. In his book Perfect Passwords, security researcher Mark Burnett first encouraged people to have a “password day,” where they update important passwords. Intel Security liked this idea and declared the first Thursday in May World Password Day in May 2013. The goal is to create awareness of the need for good password security.
On World Password Day, users are encouraged to:
- change an old password to a long one (at least eight digits)
- turn on two-factor authentication for important accounts
- password-protect their wireless router
- not store passwords on their computer or phone
- log off when they’re done with a program
- periodically remove temporary internet files
We think Password Day reinforces a security system that has outlasted its welcome.
Passwords have too many disadvantages to mention, but we’ll outline a few:
Passwords are easily hackable
One of the biggest problems with passwords is that they are easily hackable. Most people use simple, easy-to-guess passwords such as “123456” or “password” that can be cracked in seconds using automated tools that try many commonly used passwords.
But it gets worse. A recent Google study found that an unbelievable two-thirds of people in the US use the same password across multiple accounts. That creates a significant security risk: A hacker who gains access to one account can potentially gain access to multiple accounts. That can lead to credential stuffing. Credential stuffing is when hackers “stuff” previously stolen login credentials into other websites until they find matches.
For example, if you used the same password for an online shopping account and your online bank account, a cybercriminal could figure out which bank you use and have the login credentials they’d need to access it. That can’t happen with MIRACL: Our digital signing feature allows you to cut fraud by binding transactions irrefutably to the user.
But using passwords at least eight characters long should protect you against that, right? Wrong. More complex passwords that include a mix of uppercase and lowercase letters, numbers, and special characters can be more challenging but not impossible to hack.
Brute force attacks, in which an attacker tries all possible combinations of characters until they stumble upon the correct password, can still be successful against complex passwords. They may just take longer.
Another way that hackers can crack complex passwords is through dictionary attacks. They involve using a pre-built list of common words and phrases to try and guess your password. While a complex password might not be in the dictionary, it’s often comprised of common words and phrases that hackers can easily guess.
For example, if your password is “P@ssw0rd123”, it might be cracked by a dictionary attack because it contains common words like “password” and “123”.
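A password-policy check can catch this class of password at signup by undoing the same substitutions a dictionary tool would. The following is an added example, not MIRACL's code: the wordlist is a small constructed sample, and the function names are hypothetical.

```python
# Constructed sample list; a real deployment would load a large list of
# common and breached passwords instead (assumption).
COMMON_ENTRIES = ["123456", "dragon", "letmein", "password", "qwerty", "welcome"]

# Character substitutions that dictionary tools routinely reverse.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
    "$": "s", "5": "s", "7": "t", "!": "i",
})


def dictionary_match(password):
    """Return the common entry the password is built on, or None."""
    lowered = password.lower()
    # Check the raw lowercase form first, then the de-substituted form.
    for form in (lowered, lowered.translate(LEET_MAP)):
        for entry in COMMON_ENTRIES:
            if entry in form:
                return entry
    return None


def check_password(password, min_length=8):
    """Return a list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    entry = dictionary_match(password)
    if entry is not None:
        problems.append(f"derived from common entry '{entry}'")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd123", "Dr4g0n!!", "vK9#tQ2m!xLw"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

The check rejects “P@ssw0rd123” even though it satisfies a typical length-and-character-class rule, which is the gap the paragraph above describes.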
And if your complex password cannot be cracked through brute force or dictionary attacks, there are still other ways a hacker can access your account.
Phishing attacks are another common method used to hack passwords. In a phishing attack, the attacker sends a fake email or message to trick the user into providing their password or other sensitive information. These attacks can be difficult to detect and successful even against strong passwords. And they are on the rise: We have seen a 61% increase in phishing attacks compared with 2021.
To combat this, MIRACL uses the concept of zero-knowledge proof to authenticate users without exposing any sensitive information. Since no security-related information is stored on our servers or yours, there is nothing for hackers to steal, and they move on to greener pastures.
Passwords are hard to remember
But the biggest risk is the human factor. More complex passwords are often harder to remember, which leads to people using the same password for multiple accounts or writing it down in an insecure location. A recent survey among 1000 Americans showed that 32% jot passwords down on a piece of paper, and 41% just rely on memory, the worst solution of all: Four out of five of us have forgotten at least one password in the last 90 days.
That can’t happen with MIRACL: One PIN, and you’re in. It enables and disables your unique cryptographic key and is never shared with anyone, including MIRACL.
Passwords are inconvenient
Passwords can be highly inconvenient for users, especially when they must change them frequently or use different passwords for different accounts. That can lead to frustration, lost productivity, and an increased risk of password-related mistakes. MIRACL makes login a breeze: Our login success rate is 99.9% - the highest in the industry. That means more convenience for the user and potentially higher revenue for companies as their customers are less likely to leave their website.
By removing the password and replacing it with MIRACL, you improve the online experience and data safety at the same time.
The future is passwordless
The World Economic Forum also thinks passwords are outdated and has proposed six principles to guide and advocate a passwordless future. MIRACL aligns with all these six principles.
Passwordless authentication should be based on secure and reliable methods, such as biometrics or hardware-based security keys. These methods are more difficult to hack or impersonate than passwords, making the authentication process more secure. MIRACL does more than that: cryptographic technology means that user info stays with users. But our users don’t need clunky security keys or physical tokens.
Passwordless authentication should prioritise users’ privacy by collecting only the necessary information and ensuring that it is kept secure and confidential. MIRACL already follows this guideline: No security-related information is stored on our servers. Authentication happens on the device itself, so we don’t need to know your PIN.
Passwordless authentication should be designed with sustainability in mind, reducing the environmental impact of authentication methods. By reducing the need for physical hardware and minimising the use of energy and resources, MIRACL is more sustainable than alternative methods.
Passwordless authentication should be accessible to everyone, including people with disabilities, non-native speakers, and those with low digital literacy. It should be designed to accommodate diverse user needs and provide equal access to everyone. MIRACL is simple to use and operates on 100% of browsers and devices, even your smart TV, so that users can adapt it to their needs.
Passwordless authentication should be scalable, meaning it can be used for small and large organisations. It should be easy to implement and manage, regardless of the organisation’s size. MIRACL users can scale organically and only pay for what they use: no up-front costs and no hidden fees. Your security can grow together with your business.
Passwordless authentication should be user-friendly and easy to use. It should provide a seamless and consistent user experience across all devices and applications, reducing the need for training and support.
With the world’s fastest single login MFA and the highest login success rate in the industry, MIRACL offers a safer, smoother user experience than other passwordless authentication methods.
In conclusion, passwords have significant disadvantages and are no longer fit for purpose in today’s digital world. That’s why MIRACL suggested an alternative to Password Day:
We think it’s time to say goodbye for good to passwords. That’s why we created Passwordless Day on June 23rd. As Rob Griffin, CEO at MIRACL, points out:
“In essence, the password is to user security what the cassette player is to music: outdated, inefficient, and prone to failing at the worst possible moment. It’s time we embrace the future. It’s time we go passwordless.”
How can you participate in Passwordless Day?
- Burn your password notes. We’re serious. It’s time to let go of those sticky notes next to your desk or in your wallet. Otherwise, you could end up like this.
- If you haven’t yet, try out passwordless login on our website.
- Please share on social media all the reasons why we should all go passwordless. You can access social media templates and a toolkit provided by MIRACL for inspiration here.