{"id":83058,"date":"2017-04-02T22:46:48","date_gmt":"2017-04-03T02:46:48","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-11-28T16:09:58","modified_gmt":"2021-11-28T21:09:58","slug":"300-billion-passwords","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/300-billion-passwords\/","title":{"rendered":"300 Billion Passwords"},"content":{"rendered":"

\"Passwords\"The death of the password has been predicted for years. Bill Gates<\/a> predicted the death of the password<\/a> at an RSA Security conference<\/a> in 2004. In 2011,\u00a0IBM<\/a> (IBM<\/a>) predicted that biometrics would replace<\/a>\u00a0passwords by 2016. In case you haven\u2019t noticed in 2017 and passwords are still with us and they suck<\/a>. “It’s now years after those statements were made, and passwords are still in heavy use,<\/em>” Joseph Carson, head of global strategic alliances at Thycotic Software<\/a>\u00a0told<\/a> CSO<\/a><\/em>.<\/p>\n

\"Password\"A new report<\/a>\u00a0(Reg. Req.<\/em>) from cyber-security research firm Cybersecurity Ventures<\/a> says that the number of passwords<\/strong> in use will grow from about 75 billion today<\/strong> to around 100 billion in 2020<\/strong>. AND the number of passwords used by machines, such as IoT devices, will grow even faster, from around 15 billion in 2015 to around 200 billion in 2020, the report said. That is 300 billion passwords by 2020<\/strong>.<\/p>\n

And these numbers don’t include one-time passwords, SSL encryption keys, and other short-term credentials said Thycotic’s Carson. Thycotic Software<\/strong> sponsored the report.<\/p>\n

Mr. Carson told CSO the estimates come from worldwide statistics about the total number of computers, operating systems, servers, routers, and other technologies and applications that come with passwords or need users to create passwords to use them.\u00a0he added,\u00a0“Then there are the social media accounts<\/strong><\/em>, which have been growing significantly<\/em>.”<\/p>\n

\"\"The average user has over 25 passwords<\/strong>, he said. There’s no decline in the number of passwords, in fact, the opposite is the case.\u00a0“We find that the growth is accelerating at a massive pace,<\/em>”\u00a0CSO<\/em> observed that the use — and reuse — of all these passwords is creating an ever-growing attack surface of both human and machine-to-machine passwords. A record number of credential breaches were <\/strong>disclosed in 2016<\/strong>, Mr. Carson added — 3 billion<\/strong>, with 43% of people having had at least one password or credential stolen.<\/p>\n

A report<\/a> released by the Pew Research Center<\/a> said that for U.S. adults, the number was even higher. According to a 2016 survey, 64%<\/strong> said that they had personally noticed or been notified of a data breach<\/strong> that affected their accounts or personal data.<\/p>\n

\"Money\"<\/a>According to Mr. Carson, the financial damages of the breaches will continue to increase as well. Thycotic and Cybersecurity Ventures predicts potential damages from cyber-crime to reach<\/strong> $6 trillion by 2021<\/strong>.<\/p>\n

rb-<\/strong><\/em><\/p>\n

Looks like passwords are here to stay. Followers of the Bach Seat<\/a> know that passwords suck. I have covered a number of options to replace<\/a> passwords<\/a>. None of the biometric options have taken off as IBM had predicted.<\/em><\/p>\n

Where biometric authentication is deployed, it’s been as an adjunct to passwords, not a replacement. Passwords are used to set up the initial trusted relationship, and as a fallback when the biometrics fail. Mr. Carson concludes, “The biometrics are used for ease of access to systems … Biometrics will never replace passwords.”<\/em><\/p>\n

Related articles<\/strong><\/p>\n