Annoying passwords are on their way to becoming extinct

With employees open to the idea of biometrics, it’s time for businesses to reassess how they handle cybersecurity, says Dell Technologies

25 January 2022 - 11:26
By Chris Buchanan
For most of us, selecting and managing passwords is not a priority, it’s an annoyance.
Image: 123RF/rawpixel For most of us, selecting and managing passwords is not a priority, it’s an annoyance.

Imagine it’s October 2050 and a school class is on a “Cybersecurity Awareness Month” field trip at the local museum.

Suddenly, a student staring at some strange combination of letters, symbols and numbers, asks their teacher, “what’s that?”

“Oh, that’s a password,” the teacher says. “Your parents used them to access their devices and applications. They’ve since become extinct.” 

Passwords extinct? How did we get there? The answer is simple: biometrics and digital certificates.

But let’s not get too far ahead of ourselves. Instead, let’s jump back to 2022. 

The challenge with passwords

Too many passwords are a nuisance — let alone creating and remembering strong passwords that adhere to specific requirements. 

According to a survey from the University of Stellenbosch Business School, which sought to determine the security education, training and awareness needs of South Africans, a mere 5.3% of respondents believed they had absolute knowledge of proper password practices. Only 2.8% displayed a perfect “security first” aptitude when selecting and managing passwords.

About the author: Chris Buchanan is client solutions director at Dell Technologies SA.
Image: Supplied/Dell Technologies SA About the author: Chris Buchanan is client solutions director at Dell Technologies SA.

In addition, the worldwide Dell Technologies “Brain on Tech” study found that when users were presented with a long, difficult password to access a computer under time pressure, their stress levels increased by 31% within five seconds and continued to rise even after they'd successfully logged in. 

These results reinforce that for most of us, selecting and managing passwords is not a priority, it’s an annoyance. Whether you reuse the same password repeatedly, use weak passwords or write them on a sticky note, many of us are doing exactly what we have been told not to do.

To increase security, organisations typically enforce “good password hygiene” by requiring employees to update passwords on a regular basis and adhere to minimum requirements to create strong passwords. However, this doesn’t prevent employees from engaging in behaviours that compromise security for convenience. 

Concerningly, these behaviours are not just reserved for working adults. A recent study by the Scientific Electronic Library Online (SciELO) SA, which analysed students’ cybersecurity awareness at a private tertiary educational institution, showed that most students found it difficult to remember complex passwords and so they used simple ones like their names.

So, if most people understand the importance of good password hygiene but no-one feels obligated to practise it, where do we go from here? 

Enter biometrics 

The idea of using biometrics to identify an individual is centuries old. There is evidence that fingerprints were used as a person’s mark as early as 500 BCE and that biometric technology existed for several decades prior.

However, it wasn’t until the early 2000s that technology really started showing up in end-user devices. Today, advanced biometrics security features such as fingerprint readers and facial recognition are readily available on mainstream business laptops and smartphones.

You may be asking, “why is the use of biometrics more secure than passwords?” Passwords are a string of characters which are validated by a website or service to allow a user access. Strong passwords are designed to be difficult to guess or replicate, but even the most complex passwords can be stolen or compromised. That’s why the use of multi-factor authentication is required.

There are three possible factors of authentication that can be incorporated in this process:

  1. Something you know (your password/PIN),
  2. Something you have (your device or security token), and
  3. Something you are (your fingerprint or face, in other words your biometrics).

Of these, authenticating a user’s biometric match is the most difficult scenario for a cybercriminal to duplicate. Once the local authentication is performed, a secure digital certificate is released to the website or service for user authorisation.   

Employees are open to the idea

What seemed like a novelty just a few years ago when we first saw people simply look at their smartphones to unlock them has become commonplace. And as biometrics continue to gain popularity as a secure form of automated user recognition, easily compromised passwords will become much less appealing to consumers and enterprises alike.

In fact, the Dell Technologies “Biometric Usage” study found that at US businesses, where PCs with biometric security are available, about 80% of employees reported using these features. Furthermore, 64% of employees whose PCs don’t have these features said they’d use them if they were available.

Research found that at US businesses where PCs with biometric security are available, about 80% of employees reported using these features
Dell Technologies ‘Biometric Usage’ study

And that’s not just out of convenience; workers also believed that those features could help keep company data safe. This, in turn, enhances trust among IT administrators that the devices and users on their network are authentic.

Given the overall openness of employees to leverage biometric security features on PCs, there’s a real opportunity for biometrics adoption to continue increasing in businesses, especially as Gen Z enters the workforce.

These digital natives grew up accustomed to using fingerprint readers or facial recognition on their smartphones and probably wouldn’t think twice about using the same technology on their PCs and other devices.

So, it’s time for organisations to reassess how they handle security on employee devices and consider incorporating biometrics for their next PC refresh cycle. 

Until then

We still have a way to go until passwords are obsolete and become a museum exhibit, but as biometric technology becomes more sophisticated and more widely adopted, it’s only a matter of time until we can blissfully forget about remembering complicated passwords without compromising security.

In the meantime, there are simple ways all of us can keep our data safe without passwords raising our stress levels. These include: 

  • Using a password manager to create strong passwords and storing them in a secure location; and
  • Using multi-factor authentication as well as digital certificates for identity verification and secure communication. 

As we look towards a password-less future, it’s up to each of us to do our part and be cyber smart. 

Click here to learn more about how Dell Technologies builds security features, such as biometrics, into their devices.

This article was paid for by Dell Technologies SA and Intel.