Is your password qwerty123?

by Black Hat Middle East and Africa

Welcome to the new 192 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.

Keep up with our weekly newsletters on LinkedIn. Subscribe here.


This week we’re focused on…📢

Passwords. 🔒

Why? 

Because we asked Isabelle Meyer (Co-Founder and Co-CEO at ZENDATA Cybersecurity) if there’s one thing she wishes everyone knew about cybersecurity, and she said:

“For everybody: please have good passwords. But we’ve been saying this since the 1970s.”

And it’s true: 

Cybersecurity professionals have been talking about passwords for a very long time – but the conversation is just as relevant today as it was decades ago. 

People used passwords long before the internet 🕯️

They’re part of our daily lives now (often a slightly frustrating part – but they’re there all the same). But we didn’t just start using passwords when we started using the internet; they’ve been a part of human culture for thousands of years. 

One of the earliest recorded uses of passwords dates back to the Roman Empire. Soldiers would use code words, known as ‘watchwords’, to identify other soldiers on their side, and figure out when an enemy had disguised themselves as a friend. They changed these watchwords every single day to ensure they couldn’t be leveraged by enemy actors.

It was a simple but effective layer of protection – and laid the foundations for today’s passwords, which are similarly simple yet (when they’re done well) effective.

The first password used in the development of computer technology was reportedly created by computer scientist Fernando Corbató in 1961. The intention was to enable a number of different people to have unique access to a common disk file on a shared mainframe.

“People weren’t used to sharing in those days,” he told the Wall Street Journal. “It was just an attempt to put in some compartmentalization so people didn’t have to live in a communal setting. You wanted to avoid people needlessly nosing around in everybody’s files.” 

And passwords became more advanced over time

In the 1980s, password policies became standard across industries that were leveraging computer technology – and they started to become more complex. Users were urged to include a combination of lowercase and uppercase letters, along with numbers and symbols, to make passwords harder to crack. 

Naturally, this also made passwords harder to remember. And that led to a different set of vulnerabilities: people began writing their passwords down on paper or in computer files, and using the same password across various different accounts.

But as password standards became more complex and the problems with passwords evolved, the concept of the password remained the same: a code word to give the user unique access to whatever it is they needed to access. 

And substandard passwords are still a problem now 💣

The concept of the password is still the same. And weak passwords are still a serious issue.

A study in the US by NordPass, for example, found that the top ten most-used passwords in 2023 were: 

  • 123456
  • 123456789
  • Qwerty
  • Password
  • 12345
  • Qwerty123
  • 1q2w3e
  • 12345678
  • 111111
  • 1234567890

Yes – really.

A list that would have even the most optimistic of cybersecurity professionals wringing their hands in despair. 
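As an added illustration (not part of the original newsletter), the sketch below shows why a character-class policy of the kind described earlier is not enough on its own: "Qwerty123" from the list above satisfies it, and only a check against the commonly-used list rejects it. The policy itself (minimum length 8, at least three of four character classes) and all function names are assumptions made for this example.

```python
import unicodedata

# The ten passwords from the list above, stored case-folded.
TOP_TEN = frozenset({
    "123456", "123456789", "qwerty", "password", "12345",
    "qwerty123", "1q2w3e", "12345678", "111111", "1234567890",
})

def normalize(pw: str) -> str:
    """Fold case and Unicode forms so 'QWERTY123' matches 'qwerty123'."""
    return unicodedata.normalize("NFKC", pw).casefold()

def meets_composition_rule(pw: str, min_len: int = 8) -> bool:
    """Assumed policy: min length and at least 3 of 4 character classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= min_len and sum(classes) >= 3

def is_commonly_used(pw: str) -> bool:
    return normalize(pw) in TOP_TEN

def screen(pw: str) -> tuple[bool, str]:
    """Check the denylist first, then the composition rule."""
    if is_commonly_used(pw):
        return False, "on the commonly-used list"
    if not meets_composition_rule(pw):
        return False, "fails the composition rule"
    return True, "ok"

def composition_only_gaps(candidates: list[str]) -> list[str]:
    """Passwords a composition-only policy would accept despite being common."""
    return [p for p in candidates
            if meets_composition_rule(p) and is_commonly_used(p)]

if __name__ == "__main__":
    # Constructed sample input for the demonstration.
    sample = ["Qwerty123", "Password", "123456", "correct-Horse-42"]
    for pw in sample:
        print(pw, screen(pw))
    print("accepted by composition rule alone:", composition_only_gaps(sample))
```
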

What’s the future of passwords in cybersecurity? 

Right now, good passwords are still a big deal.

But when will that change?

Passwordless authentication methods, particularly biometrics, are becoming more advanced, and are increasingly accepted and adopted by digital users. And passkeys (relying on Bluetooth, smartphones, PINs and biometric data) have received support from big tech firms including Apple, Google, and Microsoft – with passkeys already available on Chrome, Android, Apple ID, and more.

Join the conversation 💬

You’re the expert. We want to know what you think about the future of passwords – are they going to stick around and morph into new forms and standards, or is it only a matter of time before alternative authentication processes completely take over?

Open this newsletter on LinkedIn and tell us your perspective in the comment section. 

🔗Read our interview with Isabelle Meyer: Why real knowledge is crucial to overcome false promises


Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 13 March 2024.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.
