According to NordPass, a security expert and password management company, the average person has more than 100 passwords. So it’s no surprise that tracking, remembering, and resetting passwords is becoming increasingly difficult and frustrating, as well as acting as an enormous time suck for consumers.
Globally, more than 16 billion hours are wasted annually by people trying to remember or reset passwords. But emerging password technology alternatives are saving consumers time and providing enhanced security for their online activities.
Survey results show majority of passwords are time-consuming and unsafe
Nordpass’s research also found that the average user has 25 percent more passwords now than at the beginning of the COVID-19 pandemic. And all those passwords are costing us valuable time. In fact, Americans typically spend more than 12 days trying to remember and reset passwords over the course of a lifetime. In the hierarchy of frustrations, users rate dealing with passwords higher than buffering videos, dropped calls, and badly-targeted advertising.
Furthermore, PC Magazine reports that the average American gets locked out of 10 online accounts in a month and spends about 10 minutes with each password reset. According to the same research, 65 percent will forget our passwords if they don’t write them down, 57 percent forget their new passwords as soon as it is reset, 64 percent avoid websites if they forget their login information, and 65 percent panic when they realize their device or computer didn’t save their password.
Another issue with passwords is that they can be easily hacked, sometimes in as little as under an hour. Longer passwords are harder to hack, but not impossible. Plus, they have the added inconvenience of being harder to remember and enter. Some organizations are starting to use passphrases - strings of words and symbols 15 or more characters in length - to improve security. They are much harder to crack through brute force hacking attempts, and may be easier for users to remember. But if the user chooses a well-known phrase, such as a popular song title, a smart hacker will be able to crack it pretty quickly.
Overall carelessness with passwords, also known as poor password hygiene, is a concern as well. A recent survey of 500 consumers found that nearly four out of five were forced to reset at least one password in the previous 90 days. The same study showed that 57 percent had to reset their work passwords in the same time period. When they reset their passwords, they often used passwords that were very similar to their old passwords so they would be easy to remember. Many people (72 percent) used the same password for some or even all of their accounts.
Many of us also keep a personal password database, either electronic or hard copy, but in both cases unprotected. Meanwhile, only 30 percent have password managers installed on their devices. A password manager is an app that uses password sharing to keep track of a user’s passwords and enables them to log into multiple accounts using one overarching master password.
Resetting passwords for both employees and customers is expensive and resource-intensive for companies. According to research conducted by Verizon, 81 percent of breaches among employees occur due to poor password security. And from a customer perspective, it’s estimated that lost or compromised passwords cost companies an average of $5.2 million a year through abandoned online purchases and time-consuming interactions with help desk personnel.
Password alternatives are becoming more readily available
If passwords are not providing the security and convenience that consumers need, then what alternatives are available?
Asking questions that only the user is likely to be able to answer, such as a childhood friend’s first name, first car, hospital of birth, etc., is already used in combination with passwords as a multifactor authentication method.
There are other multifactor authentication methods available that avoid passwords and one-time passwords altogether. These include email or social media authentication, where users can sign up for, or log in through a social login or email account, or using a security key.
Biometric authentication is rapidly gaining in popularity, as facial recognition, voice recognition, and fingerprint reader technology continues to improve and become widely available via mobile devices. Fingerprint and retina scanning are also included in this category.
Another aspect of biometric authentication that’s gaining currency is behavioral authentication. Touch technology is getting better at determining the unique ways in which we handle our devices. It’s now possible to look at data points within a user’s device, including the amount of pressure used on the screen when typing, which hand is being used for typing, and other information that is gleaned simply from how our hands and fingers interact with our devices.
The time to go beyond passwords is now
Passwords have passed their prime. They’re a drain on the wallets of consumers and businesses, suck up excessive amounts of time, and lead to enormous amounts of frustration for everybody. Because they’re a hassle to remember, passwords are commonly recycled, users choose simple ones that are easy to hack, or password reset requests are repeated over and over. The future of better security and a smoother customer experience lies within complex passwords, multifactor authentication and biometric authentication, and finding the right balance so that every party’s needs are met.