Will it ever go away? The basic password is still alive and well.
Just like a boomerang, every time an attempt has been made to throw it away, it just keeps coming back.
Strong passwords, password vaults, even multi-factor authentication have done little to change the regrettable situation where so many people still “protect” (we use the word loosely) their accounts with a password that reads “1234” or “secret” (or “admin” if you’re working in the IT department).
But perhaps an up-and-coming field in cybersecurity, that of behavioural analytics, will finally offer the chance to retire the accident- and incident-prone password, once and for all.
The problems with passwords are well-known and have been publicly deplored by people as well-known and influential as Bill Gates.
People forget their passwords, write them down on sticky notes for all to see, cannot be bothered to define and remember strong passwords (which are often eminently hackable, anyway), use the same terrible password for multiple work and leisure accounts, or find it a chore to use multi-factor authentication.
People are too often naïve enough to give their user ID and password to a hacker who uses social engineering techniques. Fingerprint ID can be faked, and having to read codes off mobiles and type them in again for access in multi-factor authentication is tedious.
But could a new technology make it both simple and secure for people to access systems, without any of the hassle of these other solutions?
That is what behavioural analytics might do. BA focuses on how users and systems behave, typically establishing baselines of “normal” behaviour and raising alerts when a user or system goes too far beyond the boundary of normality.
By analysing a person’s past actions in a system and building baselines for comparison, using data on anything from the number and timing of mouse clicks to the files accessed and machines used, a BA-driven security system might determine in real time whether a user is authorised to perform the actions requested, and allow or block them as a result.
The user would have nothing to do; the system would know and act accordingly. So, could this finally be the end of the password?
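The baseline-and-alert approach described above can be sketched in a few lines. This is an added example, not code from any BA product: the feature names, the sample sessions and the threshold of three standard deviations are all assumptions chosen for illustration.

```python
from statistics import mean, stdev

NUMERIC = ("clicks_per_min", "click_gap_ms", "files_accessed")

# Constructed history of past sessions for one hypothetical user.
HISTORY = [
    {"clicks_per_min": 40, "click_gap_ms": 310, "files_accessed": 10, "machine": "ws-017"},
    {"clicks_per_min": 44, "click_gap_ms": 290, "files_accessed": 14, "machine": "ws-017"},
    {"clicks_per_min": 38, "click_gap_ms": 330, "files_accessed": 9, "machine": "laptop-204"},
    {"clicks_per_min": 42, "click_gap_ms": 300, "files_accessed": 12, "machine": "ws-017"},
    {"clicks_per_min": 41, "click_gap_ms": 305, "files_accessed": 11, "machine": "ws-017"},
    {"clicks_per_min": 45, "click_gap_ms": 285, "files_accessed": 13, "machine": "laptop-204"},
]

def build_baseline(sessions):
    """Summarise "normal" as mean/std-dev per numeric feature plus known machines."""
    baseline = {"machines": {s["machine"] for s in sessions}}
    for feature in NUMERIC:
        values = [s[feature] for s in sessions]
        # Floor the spread (in the feature's own units) so a perfectly
        # regular history cannot cause a division by zero later.
        baseline[feature] = (mean(values), max(stdev(values), 1.0))
    return baseline

def deviations(baseline, session):
    """Distance from the baseline, in standard deviations, per feature."""
    result = {}
    for feature in NUMERIC:
        mu, sigma = baseline[feature]
        result[feature] = abs(session[feature] - mu) / sigma
    # A machine never seen before is treated as maximally unusual.
    known = session["machine"] in baseline["machines"]
    result["machine"] = 0.0 if known else float("inf")
    return result

def decide(baseline, session, threshold=3.0):
    """Return ("allow" or "block", features beyond the boundary of normality)."""
    scores = deviations(baseline, session)
    flagged = sorted(f for f, d in scores.items() if d > threshold)
    return ("block" if flagged else "allow", flagged)

# Constructed sessions to evaluate against the baseline.
TYPICAL = {"clicks_per_min": 43, "click_gap_ms": 298, "files_accessed": 12, "machine": "ws-017"}
UNUSUAL = {"clicks_per_min": 44, "click_gap_ms": 300, "files_accessed": 480, "machine": "srv-901"}

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for name, session in (("typical", TYPICAL), ("unusual", UNUSUAL)):
        print(name, decide(base, session))
```

The threshold is where the trade-off sits: set it too tight and legitimate users are blocked on an off day, too loose and an intruder who roughly imitates the user stays inside the baseline.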