When computers were invented, the thought of protecting them amounted to keeping them locked in a room, usually in a government or academic setting. The main reason for this was that the early computers took up most of the space in the room. Physical security was important, despite the improbability of one of those massive machines being physically stolen.
Even in those early years, computers also required technical security to guard against unauthorized control. The use of passwords provided all the security that was required. Then, for various reasons, the craft of guessing passwords to elevate permissions became popular, especially in academic settings. As computers became connected to the public telephone systems via modems, war dialing became the attack vector that led to password guessing and unauthorized access.
Each advancement in computer technology also enabled better methods to guess passwords, which remained the primary protection against intrusion. There are some general best practices that can make the login process more secure while not creating the memory burden that is so often associated with passwords. Fortra experts offered the following advice:
Lisa Lombardo, Software Development Manager
"Passwords have some timeline left and when partnered with a second factor of authentication, the strength of the technology increases. Password manager tools have some great capabilities that people should leverage. In fact, many organizations introduce these tools across their workforce to increase security. Often, using more advanced security technology like passkeys as part of their professional life can influence a person’s behavior in their personal life. Banks and websites that control financial transactions may also introduce passkeys to the general consumer market. These technological advancements continue to provide a balance of improved security and ease of use."
Donnie MacColl, Sr. Director, Technical Support
"In 2011, IBM predicted that passwords would be obsolete in five years. They went on to posit that each person’s unique biological identity holds data. IBM envisioned biometric data that could be crafted into voice files, as well as retinal scans and facial definitions that could be composited through software to build an individual’s DNA “password.” While the prediction by IBM was partially accurate, other technologies, such as multi-factor authentication (MFA), have seen more acceptance.
On the horizon, the use of passkeys, similar to the way that public key cryptography works, may gain popularity. The method is where one part of the key is stored by the website or app you are accessing, and the private key is with you. The password is not dead, but on its own it will be."
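The split between a site-held public key and a user-held private key, shown as an added example that is not part of the original article or the speaker's words. It is a simplified model of a passkey login, not the WebAuthn wire format: the function names, the Ed25519 choice and the `.example` origins are assumptions made here, and it goes one step beyond the quote by showing why a fresh challenge and origin binding matter.

```javascript
// Added example: simplified passkey-style challenge-response (not full WebAuthn).
const crypto = require('node:crypto');

// Registration: the device creates a key pair; only the public key is sent to the site.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { serverRecord: { publicKey }, device: { privateKey } };
}

// Server: issue a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device: sign the challenge together with the origin the browser reports.
function signAssertion(device, challenge, origin) {
  const payload = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
  return crypto.sign(null, payload, device.privateKey);
}

// Server: verify with the stored public key, the challenge it issued and its own origin.
function verifyAssertion(serverRecord, challenge, expectedOrigin, signature) {
  const payload = Buffer.concat([challenge, Buffer.from(expectedOrigin, 'utf8')]);
  return crypto.verify(null, payload, serverRecord.publicKey, signature);
}

function demo() {
  const origin = 'https://bank.example'; // constructed sample origin
  const { serverRecord, device } = registerPasskey();
  const c1 = newChallenge();
  const sig = signAssertion(device, c1, origin);
  const c2 = newChallenge();
  // Signature produced while the browser was on a look-alike site (constructed).
  const lookalikeSig = signAssertion(device, c2, 'https://bank-login.example');
  return {
    validLogin: verifyAssertion(serverRecord, c1, origin, sig),
    replayed: verifyAssertion(serverRecord, c2, origin, sig),
    wrongOrigin: verifyAssertion(serverRecord, c2, origin, lookalikeSig),
  };
}
```

The server record holds nothing secret, so a breach of the site's credential store yields no reusable login material, unlike a password database.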
Paul Dale, Manager, Professional Services
"Passphrases are much better than passwords, as they are longer and still easy to remember. Password managers are a step forward, as these not only generate random long strings, but they eliminate the problem of password reuse.
The future of passwords is clearly to move away from something that a person needs to remember. We also need to be conscious of the rise of AI, which can easily fool voice and facial recognition systems.
We will have to make some hard choices, allowing more biometrics such as iris scans for much closer uniqueness with a lower threshold of entry. We must always remember there’s never going to be a “perfect” solution. We will always need to balance security with ease of use."
Dario Sario, Sr. Manager, Professional Services
"Biometric authentication seems to be where we are headed. Having your cellphone with you and using it to authenticate using your thumbprint or face seems to be the norm now. Many security professionals believe that we need to transition into a fully passwordless solution through options like one-time passcodes, hardware tokens, and single sign-on. Behavioral biometrics — where the authentication is based on how you type, move your mouse, and other actions — could also become more feasible as a future solution."
Chris Hudson, Principal Solution Architect
"Going passwordless in the corporate world is going to be a big step but seems inevitable. However, there is so much architecture that will need to be redesigned for that to be feasible. Hopefully, the zero-trust initiative will help motivate this movement."
Raghu Bhat, Sr. Support Manager
"Authentication mechanisms are always evolving. While the current trend is to use MFA, this trend is also changing. MFA is very strong, but this too can be compromised. I see the future of passwords where biometric authentication, which is unique to the individual such as fingerprints, facial recognition, and iris scans can be more secure and user friendly as well. These methods will enhance the overall robustness of the current password scenarios."
Kelly Egnitz, Lead Technical Consultant
"Password requirements are becoming longer and more complex. But a password alone — regardless of length or complexity — is not enough to keep accounts safe. As attackers and their tools become more sophisticated, we need to do more. Best practices should include increased length and complexity, and somewhat frequent changes. Administrative accounts should have very strict requirements for passwords. As an extreme example, one customer I work with changes my admin password every 12–24 hours, and I must sign into a password vault to retrieve it. Other customers have similar processes, but I never even know that password.
MFA should also be in place for all businesses, and password vaults are also very useful for storing passwords. Hardware tokens enable tracking capabilities for shared accounts. A token allows the sharing of a password, yet each unique token can be assigned to an individual to complete the login process.
I don’t see passwords going away completely in the immediate future, but I am seeing a lot more logins that require some other form of authentication."
Frédéric Laferrière, Support Manager
"There are many great ways to make passwords more secure and to augment the security they provide with MFA, biometrics, and even behavioral analytics. However, we must temper our optimism in the face of all the technological enhancements taking place. We should always anticipate what an adversary can do with the technologies that are meant to improve our lives.
Artificial intelligence is already proving to show great advances in medical diagnostics. Quantum computing is beginning to take shape. However, in the hands of a criminal, these technologies stand to challenge our existing safeguards.
Can we remain optimistic that security technologies will advance in tandem with these new innovations? AI may be able to create a deepfake, but it also has the potential to reveal the fraud. Quantum computing will be able to break a traditional password, but it also will open up new mathematical abilities towards better cryptographic possibilities."
Conclusion
Ask any cybersecurity professional how best to protect the login process, and you are sure to hear many varying approaches. However, what is clear is that passphrases are much better than the old method of difficult-to-remember character combinations. MFA is also among the most highly recommended processes. While it is still uncertain where the future of login credentials lies, as technology progresses, we can be sure that new methods will emerge to better protect our digital access mechanisms.