From the course: Defending Against and Recovering From Cybersecurity Attacks: Top Safety Practices
The password issue
- [Instructor] If you are like me, you have probably experienced what I call a password crisis. You log into your account and then click the field before thinking, what is the password? Then the crisis begins. You start by wracking your brain, trying to figure out that tricky combination: letters, numbers, symbols, uppercase, no, lowercase, and it becomes a confusing and nerve-wracking experience. Soon begins the saga of the forgotten password, trying different permutations and combinations and ultimately giving up in sheer frustration. The process of requesting a new password starts the crisis all over again, with the system urging you to pick a stronger one, but no, not the same password you apparently didn't remember the first time. By the end I am usually too exhausted to care about security and unable to venture beyond a basic password that is easy to remember because I've used it before.

For years, we have considered passwords the most critical layer of security. From accessing email to viewing bank account information, almost everything we do on the internet requires us to use a password. Now, like many of us, you've used a password countless times and heard the term before, but have you ever thought about what exactly a password is? Well, the word password can be traced back to ancient times, when Roman soldiers would use passphrases to prove they were members of a unit. This early authentication system guarded access with the sole purpose of including and excluding people from certain areas, and providing a fast way to tell whether someone was a friend or an enemy. In today's world of technology, the concept of passwords has not changed much. Passwords exist on the internet because possession of secret knowledge gives us a method to prove our identity. For example, you probably had to provide your credentials, which typically consist of a username and password combination, to prove your identity before being granted access to this course.
Now that we have a general understanding of the history and use case, let's dive into the key characteristics. A traditional password usually varies in length, contains a combination of letters, numbers, and special characters, is used in conjunction with a username, and, most importantly, must be kept secret from others unless they are authorized. These traditional passwords have been used as the first line of defense when it comes to protecting user accounts and applications against unauthorized access. But now these same passwords that are supposed to be the first line of defense have become prime targets and entry points for attacks. And while approaches to securing passwords are well intended, the mitigations are often incomplete, with a large focus on areas such as enforcing complex password policies. Mitigation methods like this can actually have a negative impact, resulting in bad password hygiene and users taking risky shortcuts: storing passwords in insecure locations, using weak passwords, sharing passwords with others, and finally reusing the same password across multiple applications. Think about it, do you have a unique password for every account that you've ever created? Now if you're thinking, oh wow, I do some if not all of those things, your behavior could leave you open to attacks. So even though the goal of passwords is to protect accounts, improper use and bad hygiene have made passwords the top method used to compromise accounts. To show this statistically, over 80% of attacks are caused by improper use of passwords. To make it worse, there are 579 password attacks every second, and if you're not practicing good password hygiene you could be next. With this information we can no longer trust that relying solely on traditional passwords is enough to fully protect accounts. Thus alternative methods must be used.
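To make the point about complexity-focused policies concrete, here is an added illustration (not code from the course): a classic composition rule happily accepts a dressed-up common word such as "P@ssw0rd1!", while a length-first check that also normalizes leet substitutions and compares against a denylist rejects it. The denylist, the substitution table and the 12-character threshold are constructed assumptions for this example.

```python
import re

# Constructed denylist standing in for a real breached/common-password list;
# this is an illustration for the course section, not the course's own code.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "admin"}

# Constructed table of "leet" substitutions that guessers routinely undo.
LEET = str.maketrans("@$01345!", "asoieasi")


def complexity_policy(pw: str) -> bool:
    """Classic composition rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def normalize(pw: str) -> str:
    """Reduce a password to the base word a guesser would try first:
    lowercase it, drop trailing digits/symbols, then undo leet substitutions."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(LEET)


def hygiene_policy(pw: str, min_len: int = 12) -> bool:
    """Length-first rule (threshold is an assumption): long enough and not a
    disguised version of a common password."""
    return len(pw) >= min_len and normalize(pw) not in COMMON_PASSWORDS


def evaluate(pw: str) -> dict:
    """Return both verdicts so the two policies can be compared side by side."""
    return {"complexity": complexity_policy(pw), "hygiene": hygiene_policy(pw)}


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "correct horse battery staple", "Welcome2024!"]:
        print(f"{candidate!r}: {evaluate(candidate)}")
```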