World Password Day, which is observed annually on the first Thursday in May, is a great reminder that passwords continue to play a key role in keeping systems and data safe online. World Password Day is the perfect time to acknowledge the importance of the humble password and double down on our efforts to keep our passwords and digital identity secure.
Password Malpractice is Rampant
Since passwords are still very important and will be for the foreseeable future, both individuals and organizations need to keep them secure. However, Keeper’s Workplace Password Malpractice Report, conducted in February, demonstrates that password malpractice is leaving organizations vulnerable to cyberattacks. Here are some of the highlights:
- More than half of American employees (57%) are currently writing down work-related online passwords on sticky notes, and 67% have lost these sticky notes in the past, making it impossible to know who ultimately has access to potentially sensitive corporate information.
- Meanwhile, 62% of respondents use a notebook or journal to store logins and passwords, and the overwhelming majority (82%) say that they keep these notebooks next to or close to their work devices.
- This has become even more of an issue as many Americans continue to work from home. Most workers (66%) say that they’re more likely to write down work-related passwords while working from home, rather than in the office. In addition to writing down work-related passwords, U.S. employees are also currently saving their logins electronically in a variety of ways that present significant risk. Nearly half (48.9%) are currently saving work-related passwords in a document in the cloud.
- Half of the respondents (51%) say that they currently save their passwords in a document on their desktop while more than half of respondents (55%) currently save work-related passwords on their phone.
Passwords Are Still Important, Even When Using Biometrics
“Passwordless technology,” such as biometric scanners, still depends on passwords to authenticate users. Fingerprint, iris, and facial recognition scanners don’t “replace” passwords; they just make it so that end users don’t have to keep typing them in all the time. The password is still being used for authentication; the end user just doesn’t see it.
Notice that when setting up biometrics, the authenticator requires the user to choose a password or PIN. Besides letting the end user bypass the biometrics and type in the password or PIN instead, the password or PIN is itself required. A look at how things work behind the scenes demonstrates why:
- The end-user scans their fingerprint, iris, or face.
- The biometric authenticator determines if the scan matches what it has on file.
- If successful, the authenticator decrypts the user’s password out of the device keychain and transmits it to the app, which performs a final authentication based on that password.
The passwords tied to these biometrics may be guessed or stolen. Databases containing biometric data can be, and have been, breached. While a password can be changed if it’s stolen, a fingerprint, iris, or face can’t. For these reasons, biometrics should never be used as a stand-alone login option, only as part of a multi-factor authentication setup.
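The three steps above can be modelled in a few lines. This is an added sketch, not code from Keeper or any real authenticator: the class names, the similarity threshold and all sample values are assumptions, and the keychain is modelled as a gated store rather than real encryption. It shows that the app's decision rests only on the password, whichever path released it.

```python
import hashlib, hmac, os

MATCH_THRESHOLD = 0.8  # assumed similarity cut-off, chosen for this sketch

def kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def similarity(scan, template):
    # Fraction of matching positions between two constructed feature lists.
    return sum(a == b for a, b in zip(scan, template)) / len(template)

class Authenticator:
    """Device side: enrolled template, PIN verifier and the keychain item."""
    def __init__(self, template, pin, password):
        self._template, self._salt = template, os.urandom(16)
        self._pin = kdf(pin, self._salt)
        self._keychain = password  # stand-in for the encrypted keychain entry

    def unlock_with_scan(self, scan):
        # Steps 1-2: compare the scan with the template on file.
        if similarity(scan, self._template) >= MATCH_THRESHOLD:
            return self._keychain  # Step 3: release the stored password.
        return None

    def unlock_with_pin(self, pin):
        # Fallback path: the PIN releases the same stored password.
        ok = hmac.compare_digest(kdf(pin, self._salt), self._pin)
        return self._keychain if ok else None

class App:
    """App side: keeps a salted password verifier, never sees the biometric."""
    def __init__(self, password):
        self._salt = os.urandom(16)
        self._verifier = kdf(password, self._salt)

    def login(self, password):
        if password is None:
            return False
        return hmac.compare_digest(kdf(password, self._salt), self._verifier)

def demo():
    password = "constructed-Passw0rd!"            # constructed sample values
    enrolled = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3]
    device, app = Authenticator(enrolled, "4821", password), App(password)
    return {
        "owner_scan": app.login(device.unlock_with_scan(enrolled[:9] + [4])),
        "other_scan": app.login(device.unlock_with_scan([2, 7, 1, 8, 2, 8, 1, 8, 2, 8])),
        "pin_fallback": app.login(device.unlock_with_pin("4821")),
        "password_typed_directly": app.login(password),
    }

if __name__ == "__main__":
    print(demo())
```

The last entry returns `True` without any scan, which is why the strength of the underlying password still matters when biometrics are enabled.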
Even the Best Passwordless Technologies Rely on Good Password Hygiene and a Strong Encryption Platform
The best “passwordless” technologies still rely on a password security and encryption platform such as Keeper’s solutions for individuals and businesses. In addition to abstracting away complexity by autofilling passwords (and even 2FA codes) on websites and apps, Keeper automatically generates strong, random passwords, making it easy for users to use strong, unique passwords for every site. As with biometric authenticators, the passwords are still there, but users don’t have to memorize all of them, and they’re stored within a secure vault that can be accessed from any device. Keeper supports biometric login with Windows Hello, Touch ID, and Face ID for convenient access.