Strong passwords alone might not be enough to solve all your security problems

passwords
(Image credit: italii Vodolazskyi / Shutterstock)

Despite being around for years, passwords are a relatively weak form of security, and many users are realising that they need other forms of protection to stay safe online, new research has found.

A report from the FIDO Alliance, an open industry association working to reduce the reliance on passwords, revealed that globally, a quarter (25%) of the population is using biometrics (fingerprints, facial recognition tech, and the likes) in some capacity. In the UK alone, biometrics are being used by at least 39% of people. 

The report warns that passwords are still susceptible to various forms of remote attacks, such as phishing, credential stuffing, or different ways of social engineering. As a result, many Original Equipment Manufacturers (OEM) and software developers are turning towards possession-based factors such as biometrics and security keys, for both B2B and the consumer market.

The report also found that UK consumers have “high levels” of awareness on the security issues of passwords, and that most of them are “actively” taking steps to protect their accounts from hackers and cybercriminals. 

Staying secure too complicated for some

That leaves almost one in eight that don’t take any steps to improve their online security. Most of them (43%) said they didn’t know how, while for others (30%) going about it was “too complicated”. Another 15% of these consumers said they didn’t believe a data breach, or hack, would happen to them.

To make sure small and medium-sized businesses remain secure, during this time of heightened cybercrime, experts suggest always deploying multi-factor authentication protocols, pairing passwords with at least one other authentication method. 

Drilling deeper into why people choose biometrics over other factors (MFA, tokens, or such), most consumers said they believed it was the most secure way. Still, 16% think passwords are the most secure authentication method, while 9% would choose SMS OTPs. Authentication software and physical security keys are still a long way from mainstream adoption, with 6% and 3% finding it the most secure method, respectively.

“Time and time again we see data breaches, ransomware and other attacks that leverage vulnerabilities associated with passwords and other ‘what you know’ forms of authentication -- including OTPs as a second factor,” said Andrew Shikiar, Executive Director & CMO of the FIDO Alliance. 

“The industry at large must shift towards possession-based factors such as biometrics and security keys that are not susceptible to remote attacks such as phishing, credential stuffing and various forms of social engineering that frankly are difficult if not impossible for the average user to detect"

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.