Cyber security experts say it's time to stop using passwords
Passwords are no longer fit for purpose and should be consigned to history, according to cybersecurity firm Thales. Thales' Digital Trust Index found that password resets are a top frustration for 64% of the public. They're not just inconvenient, but a security risk too with traditional passwords easily hacked or stolen.
"Every year World Password Day comes around, and every year we see the same advice about the need for strong passwords issued. The advice simply isn't working. Passwords are no longer fit for purpose - they're easily hacked and put too much onus on the end-user,” said Simon McNally, Cyber Security Expert at Thales.
Instead of the traditional password, the experts believe that we should use passkeys instead. A passkey is a new kind of digital key that aims to replace passwords entirely. Unlike a password, which is a secret phrase or code that you remember and type in, a passkey is a unique digital credential that is stored on your device.
Passwords rely on something you know (such as a set of characters or a phrase). These can easily be guessed or stolen, and in many cases used for multiple logins. On the other hand, passkeys involve something you 'have' (a digital key or credential), and something you 'are' (usually a face ID or fingerprint). These are harder for hackers to steal, and are unique for each site - so even if one became compromised, it won't jeopardise your other accounts.
McNally said: "If we need an awareness day, it's time to re-brand and highlight the importance of passkeys. Using cryptographic techniques, passkeys are harder to crack – making them far more secure. They're also automatically generated and can be safely stored on devices, making it easier for the consumer and eliminating the need to create long, complex passwords or phrases. Finally, passkeys enable greater privacy by granting authentication without handing over sensitive information – reducing the risk of data breaches.
"We're already seeing great strides in this area, with Google last year announcing that passkeys are now enabled by default for users, with Amazon and Apple adopting too. This is the type of development that needs to be promoted, which is why we strongly believe World Password Day should be consigned to the history books."
How can I set up passkeys?
This World Password Day is a perfect opportunity to implement passkeys where you can, with many companies having started to make them the default. The steps to get started with passkeys will depend on the accounts you have and the sites you use, but broadly speaking:
Check your accounts: Companies such as Google, Apple and Amazon, Sony, and Nintendo have started supporting passkeys with their software and services, making it easy to switch.
Set up passkeys on your devices: Whether it's your phone, tablet or computer go to the security settings and search for an option to create a passkey. Depending on your device this could be in security settings or sign-in options.
Set up an authentication method: If your device or OS supports this, then you'll need to set up an authentication method. This could be a fingerprint or a facial ID.