Celebrating the 8th Annual World Password Day

Intel created World Password Day in 2013 to raise awareness about the role strong passwords play in securing all of our digital lives. Since then it’s taken on a life of its own, with thousands sharing tips for strong passwords worldwide. But today, it’s clear that a strong password isn’t enough to keep prying eyes from your online accounts. Securing our personal and professional accounts with a layer of multi-factor authentication is essential for basic digital hygiene. Ready to level up your logins? Check out our article on the future of passwords below, then celebrate World Password Day with us by sharing these password-themed tips and GIFs. Together, we can make the Internet a safer place for everyone’s data.

The Future of Passwords

For nearly 60 years, passwords have been the de facto method for users to authenticate themselves to a device or service. Passwords have, by now, become a simple concept to grasp: they are comfortable and familiar for nearly everyone. But while their simplicity and familiarity are a strength, passwords suffer from many weaknesses as well.

Are passwords obsolete?
The strength of a password relies on its secrecy. They can authenticate a user because, presumably, only the user and the service it logs into know that password. Unfortunately, this is rarely the case. We recycle passwords across multiple sites, write them down on a Post-It by the computer, or share them with friends. Even worse, passwords are leaked by the billions in data breaches on what feels like a daily basis. (To see if your data has been compromised in one of these breaches, it pays to check the website www.haveibeenpwned.com. If your email is there, change your password for the relevant account post-haste!)

So, are secure accounts a lost cause? Not quite. And this is where the future of passwords gets really exciting. Passwords are just one of many ways apps and services can authenticate people. When you combine your password with another step — called two-step authentication or multi-factor authentication — we can make the login process much more secure against unauthorized access.

Adding security layers to the password
Think of the password as your first layer of defense. With this in place, you’re ready to add layers of protection. The more important your account — like a bank or a stock trading app, or service or account you access for work — the more layers you might consider adding:

  • A two-factor authentication app
    Many sites and services, including Amazon, Dropbox, Google, and Microsoft, give you the option of using a two-factor authentication app. As the name suggests, two-factor authentication (2FA) enables a feature for online accounts that has you verify yourself in two ways: with a password and with a second “factor.” After you enter your password — the first authentication factor — the 2FA app on your phone generates one-time-use codes you’ll then enter to access your account.
  • Single-Use Code (via text message or email)
    After you enter your password -- the first authentication factor -- the second factor usually arrives by SMS or email. That is, you'll get a text with a numerical code that you'll then need to enter to log into your account. Unlike a PIN code for a debit card, a 2FA code is used only one time; each time you log into that account, you'll be sent a new code. One caveat: security experts agree that receiving codes via SMS is less secure than using an authentication app, explained below.
  • FIDO Security Key
    Based on standards from FIDO Alliance, hardware-based security keys provide a fast way to use two-factor authentication without relying on an SMS or push notification on your phone — it also may be the most secure method of 2FA. (How secure? A multi-year Google study showed zero successful phishing attacks against accounts authenticated with a FIDO Security Key!) Plus it's dead simple to use. No memorization. No links to click. Just press the button when you’re logging in, and you’re logged in securely. Many companies provide FIDO Security Keys, like Yubico, which offer different keys for devices with USB-A, USB-C, or NFC connections, while Google offers one that uses Bluetooth.
  • Face Recognition
    Rather than authenticating you with something you have (a Security Key) or something you know (a code), biometrics recognizing something you are: your fingerprint, face, a scan of your retina, or even your voice. There are many devices today that allow you to use the camera on your phone or computer to log in, providing strong protection for the apps and data stored on your phone or computer.

Beyond the Password
Is there a future with no passwords at all? The global technology industry is actively working on it through an industry group called the FIDO Alliance. Intel has been a board member of the FIDO Alliance for several years, collaborating with other security-minded companies to develop a standardized, simpler, and stronger way to authenticate users and to eliminate the need for passwords over time. While World Password-less Login Day doesn’t have the same ring to is as World Password day, eliminating passwords completely is not only more convenient — it’s more secure. FIDO standards enable password-only logins to be replaced with secure and fast login experiences across websites and apps using everyday technologies like smartphone and PC biometrics and FIDO security keys. There is a growing number of services offering FIDO logins today — you may already be using it!

The role of hardware
As you plan to adopt new ways to secure your login, you should also consider increasing safety at the machine level. The security of the hardware that stores your data is just as important as the technique you use to protect the logins that enable access. That’s why at Intel, we’re doing a lot to protect those credentials. For example, we look at Trusted Platform Modules and Client Virtualization to create hardened areas for sensitive information. There’s a very long history of Intel tech, like Intel® Hardware Shield on the Intel vPro® platform, that forms a foundation of trust.

Conclusion
No matter what the future holds for password usage, passwords themselves will remain a vital part of securing accounts and reducing the chance of cybercrime. As you celebrate World Password Day this year, take a moment to add a layer of security to your passwords. It only takes 5 minutes, but it may save you hours of headache down the line.

 

Notices and Disclaimers

Intel technologies may require enabled hardware, software or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.