Death, taxes and … passwords — must we accept them?

More words have been written about love, but the subject of passwords surely is creeping up on it. Two new research reports and a notable nonprofit’s white paper add to the total, and the news is not good.

People and companies (but more so people) still pay too little attention to password security, resulting in an utterly needless loss of money and privacy.

At the same time, experts with the nonprofit World Economic Forum say passwords’ days are numbered, and they suggest that biometrics will end the days of trying to manage them.

That is probably true, but effective use of biometrics hardware and software is dismal among consumers, businesses and government.

Research by Precisesecurity.com, a security-software vendor, indicates — somewhat unbelievably at this time in Internet history — that bad passwords were the third-most-common reason ransomware attacks succeed edlast year.

In ransomware attacks, criminals get control of computers or entire networks and threaten to steal and sell or just delete victims’ information unless they are paid off.

The company, citing the UK’s 2019 National Cyber Security Centre survey, said 23.2 million accounts victimized by cybercriminals were protected by this password: 123456.

A third of last year’s ransomware attacks were attributed to weak passwords or poor system-access management, according to Precisesecurity.com’s research.

At 40 percent, memorization is the No. 1 way adults in the United States said they managed their logons in 2019, the company said. Almost as popular is writing the information down.

About 12 percent reported using a password manager or a similar application. About seven percent said they did not know how they tracked their logons.

Another market survey, this one from Montreal-based security vendor Genetec Inc., drilled further into the situation. Its researchers found that 23 percent of security-camera buyers have never set unique passwords for each device.

Genetec’s research was based on an unknown-sized sample of 45,000 security cameras that were connected to systems that are part of company’s opt-in product-improvement program.

The company found that older networked equipment too often is compromised because the same password is used for all devices from a single manufacturer. One compromised camera can be used for nefarious purposes or could even be used to bring down whole networks.

In fact, buyers have used default security settings that include admin logons that “often are publicly available on the manufacturers’ websites,” according Genetec.

Even well-crafted passwords can become useless when they are stolen.

More than 515,000 Telnet credentials recently were stolen, according to ZDNet. The credentials, which include passwords, expose Internet-of-Things devices, servers and home routers. The hacker who reportedly pulled off the theft posted them with a user name and password for the remote-access protocol Telnet. Combined, the information and Telnet access code could allow skilled criminals to take control of devices.

There might be an answer to all of this password mismanagement and theft, according to the World Economic Forum, an international group trying to foster cooperation on pressing problems between public and private sectors.

Forum researchers note that the practice of issuing passwords originally targeted employees needing access to their company’s digital resources.

“User experience was not a concern,” according to the researchers in an article distributed after the forum’s famed annual meeting in Davos, Switzerland, opened this week.

It is now, however, they said, and passwords have become a growing irritation for customers. The forum is pushing passwordless authentication, including biometric approaches.

Fingerprint and even basic facial recognition systems are increasingly found on smart phones, but they are not universal. And legacy business and consumer devices need to be updated with add-on systems that, for example, read fingerprints or irises.

Then there is the antipathy that some consumers show toward facial recognition. That’s primarily a phenomenon seen in the United States, but it is even cropping up in surveillance-sanguine China.

Article Topics

access management  |  best practices  |  biometrics  |  Genetec  |  passwords  |  World Economic Forum