Passwords under threat as tech giants seek tougher security / Photo: © AFP/File
-
Brisbane Broncos edge Storm in thrilling NRL grand final
-
Refreshed Sabalenka 'ready to go' after post-US Open break
-
Georgia PM vows sweeping crackdown after 'foiled coup'
-
Landslides and floods kill 63 in Nepal, India
-
No handshakes again as India, Pakistan meet at Women's World Cup
-
Georgia PM announces sweeping crackdown on opposition after 'foiled coup'
-
Syria selects members of first post-Assad parliament
-
Russian strikes kill five in Ukraine, cause power outages
-
World champion Marquez crashes out of Indonesia MotoGP
-
Babis to meet Czech president after party tops parliamentary vote
-
Death toll from Indonesia school collapse rises to 37
-
OPEC+ meets with future oil production hanging in the balance
-
Dodgers down Phillies on Hernandez homer in MLB playoff series opener
-
Philadelphia down NYCFC to clinch MLS Supporters Shield
-
Syria selects members of first post-Assad parliament in contested process
-
Americans, Canadians unite in battling 'eating machine' carp
-
Negotiators due in Cairo for Gaza ceasefire, hostage release talks
-
Trump authorizes troops to Chicago as judge blocks Portland deployment
-
Wallabies left ruing missed chances ahead of European tour
-
Higgo stretches PGA Tour lead in Mississippi
-
Blue Jays pummel Yankees 10-1 in MLB playoff series opener
-
Georgia ruling party wins local polls as mass protests flare
-
Depoortere stakes France claim as Bordeaux-Begles stumble past Lyon
-
Vinicius double helps Real Madrid beat Villarreal
-
New museum examines family life of Mexican artist Frida Kahlo
-
Piccioli sets new Balenciaga beat, with support from Meghan Markle
-
Lammens must be ready for 'massive' Man Utd scrutiny, says Amorim
-
Arteta 'not positive' after Odegaard sets unwanted injury record
-
Slot struggles to solve Liverpool problems after third successive loss
-
Netanyahu hopes to bring Gaza hostages home within days as negotiators head to Cairo
-
Ex-NFL QB Sanchez in hospital after reported stabbing
-
Liverpool lose again at Chelsea, Arsenal go top of Premier League
-
Liverpool suffer third successive loss as Estevao strikes late for Chelsea
-
Diaz dazzles early and Kane strikes again as Bayern beat Frankfurt
-
De Zerbi living his best life as Marseille go top of Ligue 1
-
US envoys head to Mideast as Trump warns Hamas against peace deal delay
-
In-form Inter sweep past Cremonese to join Serie A leaders
-
Kolisi hopes Rugby Championship success makes South Africa 'walk tall' again
-
Ex-All Black Nonu rolls back the years again as Toulon cruise past Pau
-
Hundreds of thousands turn out at pro-Palestinian marches in Europe
-
Vollering powers to European women's road race title
-
Struggling McLaren hit bump in the road on Singapore streets
-
'We were treated like animals', deported Gaza flotilla activists say
-
Czech billionaire ex-PM's party tops parliamentary vote
-
Trump enovys head to Egypt as Hamas agrees to free hostages
-
Arsenal go top of Premier League as Man Utd ease pressure on Amorim
-
Thousands attend banned Pride march in Hungarian city Pecs
-
Consent gives Morris and Prescott another memorable Arc weekend
-
Georgian police fire tear gas as protesters try to enter presidential palace
-
Vollering powers to European road race title
NYSE - LSE
Passwords under threat as tech giants seek tougher security
Fingerprints, access keys and facial recognition are putting a new squeeze on passwords as the traditional computer security method -- but also running into public hesitancy.
"The password era is ending," two senior figures at Microsoft wrote in a July blog post.
The tech giant has been building "more secure" alternatives to log in for years -- and has since May been offering them by default to new users.
Many other online services -- such as artificial intelligence giant OpenAI's ChatGPT chatbot -- require steps like entering a numerical code emailed to a user's known address before granting access to potentially sensitive data.
"Passwords are often weak and people re-use them" across different online services, said Benoit Grunemwald, a cybersecurity expert with Eset.
Sophisticated attackers can crack a word of eight characters or fewer within minutes or even seconds, he pointed out.
And passwords are often the prize booty in data leaks from online platforms, in cases where "they are improperly stored by the people supposed to protect them and keep them safe," Grunemwald said.
One massive database of around 16 billion login credentials amassed from hacked files was discovered in June by researchers from media outlet Cybernews.
The pressure on passwords has tech giants rushing to find safter alternatives.
- Tricky switchover -
One group, the Fast Identity Online Alliance (FIDO) brings together heavyweights including Google, Microsoft, Apple, Amazon and TikTok.
The companies have been working on creating and popularising password-free login methods, especially promoting the use of so-called access keys.
These use a separate device like a smartphone to authorise logins, relying on a pin code or biometric input such as a fingerprint reader or face recognition instead of a password.
Troy Hunt, whose website Have I Been Pwned allows people to check whether their login details have been leaked online, says the new systems have big advantages.
"With passkeys, you cannot accidentally give your passkey to a phishing site" -- a page that mimics the appearance of a provider such as an employer or bank to dupe people into entering their login details -- he said.
But the Australian cybersecurity expert recalled that the last rites have been read for passwords many times before.
"Ten years ago we had the same question... the reality is that we have more passwords now than we ever did before," Hunt said.
Although many large platforms are stepping up login security, large numbers of sites still use simple usernames and passwords as credentials.
The transition to an unfamiliar system can also be confusing for users.
Passkeys have to be set up on a device before they can be used to log in.
Restoring them if a PIN code is forgotten or trusted smartphone lost or stolen is also more complicated than a familiar password reset procedure.
"The thing that passwords have going for them, and the reason that we still have them, is that everybody knows how to use them," Hunt said.
Ultimately the human factor will remain at the heart of computer security, Eset's Grunemwald said.
"People will have to take good care of security on their smartphone and devices, because they'll be the things most targeted" in future, he warned.
N.Schaad--VB