They advance towards an end, but users stop the transition
Passwords are usually weak and reused, and experts warn that hackers decipher them in minutes.
The announced end of digital passwords, a connection system considered unreliable by experts and large technological ones, clashes with the difficulty of users to adapt to new systems.
“The password era is coming to an end,” two Microsoft managers, who like the rest of large technology promote safer systems, such as fingerprints, fingerprints, facial recognition or the system of the so -called “access keys” wrote in December.
The American giant wants “safer” solutions and has been preparing for years. Since May, new users’ accounts work by default with more sophisticated connection systems than traditional passwords.
In France, the Tax Agency reinforced its computer security policy, forcing users to validate their connection with a code they receive by email, in addition to the password.
Weak passwords and mass leaks
“Passwords are usually weak and reused,” explains Benoît Grünemwald, an expert in cybersecurity of the ESET company, and remember that hackers can decipher in minutes or even in seconds those that have less than eight characters.
In addition, they are a frequent objective of data leaks “when they are poorly stored by those who are supposed to protect and save them,” says Grünemwald.
In June, researchers from the Cybernews medium discovered a gigantic database with 16,000 million user names and passwords from pirate files, one more test of the magnitude of the problem.
The alternative: access keys
The Fast Identity Online Association Alliance (FIDO), which counts among its members to Google, Microsoft, Apple, Amazon and Tiktok, works to encourage the adoption of connections without password and promotes the use of access keys.
This system uses an external device, such as a phone, to authorize connections using a PIN code or a biometric connection (fingerprint or facial recognition), instead of the password.
A way to protect Internet users, emphasizes Troy Hunt, responsible for the Haveibeenpwned site (“I have been a victim?”, In English), because “with access keys, you can’t accidentally give your key to a malicious site.”
Goodbye to passwords? Not so fast
However, for the Australian expert this does not mean the end of the passwords: «Ten years ago […] People said ‘will we continue to have passwords in ten years? ”, And the reality is that we have more passwords than ever,” he says.
Although large platforms reinforce the safety of connections, many websites continue to work with simple passwords. And for users, the transition is not easy.
The access keys require installing a specific system and, if the password is forgotten or the phone registered as a trust device is lost, it is more difficult to recover it.
“The advantage of passwords, and the reason we continue to use them, is that everyone knows how to use them,” Hunt emphasizes.
