As World Password Day approaches, held on May 1, cybersecurity experts warn that the traditional password may be reaching its expiration date. Although the day was conceived as an annual reminder to improve users' digital habits, today the question is whether it still makes sense to trust a system that has proven to be vulnerable and predictable.

Passwords, far from evolving, have become fertile ground for cybercrime. Despite repeated warnings, such as those issued by the National Institute of Standards and Technology (NIST) in 2017, many organizations continue to demand complex but short keys, ignoring that length, not complexity, is what really makes automated attacks difficult.

“On many occasions, complexity is associated with greater security, although it is proven that length is a more effective defense against attacks such as brute force. Regulatory norms are usually one step behind, while inherited systems impose technical restrictions, such as character limits, which hinder the adoption of longer phrases,” warns Marcos Jimena Cabezas, technical director of Zscaler in Iberia.

The future of passwords

The true Achilles' heel, however, lies in the ease with which passwords can be stolen or intercepted. Security breaches caused by attacks such as ‘Adversary in the Middle’ (AiTM) are on the rise, and not even multifactor authentication (MFA) has been enough to stop them. “These methods are based on shared secrets that attackers can intercept, which makes even accounts protected with MFA susceptible to sophisticated phishing attempts,” Jimena warns.

Faced with this reality, technologies such as FIDO2, based on public key standards and on physical devices such as USB keys or biometric authentication, emerge as the strongest alternative. By eliminating passwords entirely and avoiding any exchange of sensitive information, these solutions offer real resistance to phishing and other emerging threats.
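To make concrete why a public-key credential resists the AiTM relay described above, here is an added Go example (not from the article, nor Zscaler's or the FIDO Alliance's code) that simulates the origin binding FIDO2/WebAuthn performs: the browser bakes the origin it is really on and the RP ID hash into the signed data, so the relying party rejects a response obtained through a proxy on another domain. The hostnames, challenge and the simplified clientDataJSON layout are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// clientDataJSON is the browser-built structure FIDO2 signs over. The origin in
// it is the page the user is really on; the attacker's relay cannot change it.
func clientDataJSON(challenge, origin string) []byte {
	return []byte(fmt.Sprintf(`{"type":"webauthn.get","challenge":%q,"origin":%q}`, challenge, origin))
}

// signedMessage is the FIDO2 signing input: authenticatorData || SHA-256(clientDataJSON).
func signedMessage(authData, clientJSON []byte) []byte {
	h := sha256.Sum256(clientJSON)
	return append(append([]byte{}, authData...), h[:]...)
}

// Assertion is what the browser hands back to the relying party.
type Assertion struct{ AuthData, ClientJSON, Signature []byte }

// Sign simulates browser plus authenticator. rpID and origin come from the page
// the user actually visited, so a proxy on another domain cannot override them.
func Sign(priv ed25519.PrivateKey, rpID, origin, challenge string) Assertion {
	rpHash := sha256.Sum256([]byte(rpID)) // real authenticatorData carries more; the hash is what matters here
	cj := clientDataJSON(challenge, origin)
	return Assertion{rpHash[:], cj, ed25519.Sign(priv, signedMessage(rpHash[:], cj))}
}

// Verify is the relying party's check: it accepts only a signature over ITS OWN
// origin and RP ID plus the challenge it issued (simplified to a byte comparison).
func Verify(pub ed25519.PublicKey, a Assertion, rpID, origin, challenge string) error {
	want := sha256.Sum256([]byte(rpID))
	switch {
	case string(a.ClientJSON) != string(clientDataJSON(challenge, origin)):
		return fmt.Errorf("client data mismatch: %s", a.ClientJSON)
	case len(a.AuthData) < 32 || string(a.AuthData[:32]) != string(want[:]):
		return fmt.Errorf("rpIdHash mismatch")
	case !ed25519.Verify(pub, signedMessage(a.AuthData, a.ClientJSON), a.Signature):
		return fmt.Errorf("bad signature")
	}
	return nil
}

// Demo returns nil for a genuine login and an error when the same challenge was
// relayed through a lookalike phishing domain (all hostnames are constructed).
func Demo() (genuine, proxied error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	const rp, origin, ch = "bank.example", "https://bank.example", "c0ffee"
	genuine = Verify(pub, Sign(priv, rp, origin, ch), rp, origin, ch)
	proxied = Verify(pub, Sign(priv, "bank-login.example", "https://bank-login.example", ch), rp, origin, ch)
	return
}
func main() { fmt.Println(Demo()) }
```

Contrast this with a one-time code: the user types it into whichever page is in front of them, and the proxy can forward it unchanged, which is exactly the shared-secret weakness the quote above describes.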

“The truth is that complexity does not equal greater security. In fact, forcing users to use complicated authentication methods often leads to frustration and shortcuts such as reusing passwords,” concludes Jimena. “… offer better security.”

In this way, World Password Day could go from being an annual reminder to a symbol of the past, giving way to a new digital era in which identity is protected by mechanisms that are more robust, invisible and simple for the user.