The Future of Passwords

Srinivas Rao
Insights
| 3/21/2023

Compromised passwords are responsible for 81% of all data breaches. Compromised passwords impact both individuals and organizations, resulting in data loss or reputation and financial loss.

Crowe MacKay's Technology Consulting experts share how the future of passwords is changing and what actions you need to take to keep your personal and business accounts secure. If you require assistance, connect with us in Alberta, British Columbia, Northwest Territories, or the Yukon.

The Current Password Landscape

Strong password policies are standard in the enterprise world. Most organizations enforce strong password policies and educate employees on password best practices. As an extra measure, password management solutions are deployed to help employees cope with the hassle of creating multiple passwords. They come with their own set of vulnerabilities and issues, which are discussed in more detail below.

Most strong passwords, even with the added complexity of uppercase and lowercase letters, numbers, and symbols, are not difficult to crack. A lucky guess with some light doxing could make you vulnerable. It’s really not your fault; passwords are meant to be remembered, and that’s what makes them predictable.

There is too much individual responsibility and blame on you. You are not supposed to use easy-to-guess passwords like “P@$$w0rd!” or reuse your passwords on multiple sites. It is impossible for an individual to create and remember hundreds of complex passwords. Requiring that you create a unique, complicated password on tens or hundreds of digital accounts is error-prone and hugely annoying. Most advice you hear about passwords from security experts is unrealistic, scolding and, in many cases, outdated.

In the long term, passwords will be replaced by one-time passcodes, fingerprints, and face recognition as proof that you are who you claim to be. More and more websites are adopting these techniques to replace passwords. 

However, for now we recommend you use one of the techniques below to add an extra layer of security to your accounts. 

Make Your Accounts More Secure

Cyber security

Create Longer Password Phrases

Passwords with 16 characters or more are the most difficult to crack. Use phrases like “HumptyDumptyS@tOnaWall” with a number and a symbol replacing a couple of letters. Or, put together four unrelated words into nonsense like “Sp00nKey$MonitorPhone.” Not all websites let you set passphrases as your passwords because of restrictions of obsolete systems and/or security guidelines. However, if you’re making your accounts more secure, start by creating strong passwords or passphrases for your most important accounts such as email, financial accounts, and password managers. 

Use Two-Step Authentication on Your Important Accounts

Two-factor authentication requires a password plus a second step, such as a texted code, to log into your account. This increases the security of your account than logging in with just a password.

If you can manage it, add two-step authentication to all your important accounts like email, bank, and social media accounts. This is a common online security feature that many don’t implement because it takes work and requires having a second device with you at all times. Two-factor authentication isn’t always an option for all online accounts. You can see if your online provider offers two-factor authentication here.

Using a dedicated app for one-time codes like Authy, Google Authenticator, or Microsoft Authenticator adds additional security compared to receiving codes by text. 

Woman on computer

Use a Password Manager

A password manager generates strong passwords on each of your accounts, stores them in a digital lockbox, and fills them in automatically when you are logging into a website or an app. You need to create a single password to your password vault and the service saves the rest.

Password managers are not easy to set up. Before you buy one, you have to make sure that they are compatible with all your devices and the browsers you use. It will also require setup on each device.

Remember: Password managers are not foolproof! A data breach at “LastPass,” a password manager, allowed hackers to back up vaults containing encrypted user data such as passwords, email addresses, billing information, and IP addresses. 

Use Passkeys

Some apps allow you to log in just with your fingerprint or face scan; however, this mostly works on mobile devices (phones, tablets, MacBooks, and some Windows laptops).

Microsoft now allows you to log in to your account without a password using their authenticator app on your phone. This requires you to unlock the Authenticator app with your fingerprint or face scan.

This password-less system known as “passkeys” uses proven cryptography practices and is more secure than the password systems in use today. Hackers also cannot steal passwords or trick you into giving them away if there are no passwords at all. 

 

Specific professional advice should be obtained prior to the implementation of any suggestion contained in this article. Contact your Crowe MacKay advisor for more information.


Crowe MacKay’s Technology Consultants have decades of experience advising clients on how to protect and enhance their business through the implementation of new technology-centered strategies. We work with you to ensure your digital transformation not only meets your business’ needs but exceeds your expectations.

Subscribe to Our Newsletter
Receive insight from our advisors that will help you make smart decisions that provide lasting value.

Srinivas has more than 23 years of technology industry and consulting experience, working with senior management teams in developing operations and systems strategies; transforming core business operations and integrating technology solutions. His work has spanned industries such as real estate, power and utility, telecommunications, healthcare, manufacturing, banking and the public sector.
Srinivas Rao Technology Advisor
Srinivas Rao
Director, Business Solutions
Vancouver

Let's Discuss!

Connect with a trusted Crowe MacKay advisor to discuss your specific situation by calling us toll-free at 1 (844) 522 7693, emailing [email protected], or by completing the form.
* Required