Passwords are giving way to better security methods – until those are hacked too, that is | US small business

We humans are simply too dumb to use passwords. A recent study from password manager NordPass found that “secret” was the most commonly used password in 2024. That was followed by “123456” and “password”. So let’s all give praise that the password is dying.

Yes, we know that we should be using 20-letter passwords with weird symbols and numbers, but our minds can’t cope. We use the same password for many accounts, be it for a newsletter subscription or our life savings. We all have too many passwords. So we opt for the easiest to remember – and steal.

Hackers know this and our passwords are available from the countless data breaches that occur on an almost daily basis on the dark web to anyone with a few bucks.

Now Mastercard, Visa and a whole host of other tech and finance firms are killing off passwords. Mastercard is aiming to end passwords and all that keying in of card details by 2030. Instead, biometric methods such as fingerprints or facial recognition will be used to see if it’s the real you.

Microsoft, Apple, Google, Samsung and other big tech companies are moving towards what they call “passkeys”. Under this security method, your pin is saved both on the cloud provider’s site and on your device so that when you try to enter the site instead of – or in addition to – using a password, you use the pin that’s authenticated in both places, and as long as you’re on the same device you’re allowed access.

Until, of course, you lose that device or it gets stolen and the pin is hacked. Or a hacker uses a deepfake imitation of your voice to dupe an unsuspecting customer service rep with your stolen information. Or a hacker uses open-source software to hoax users into revealing their pin as they try to log in to a site. It happens. More than you would like to know. Or your biometric information is stolen through malware and then – using advanced AI with high-resolution photos or 3D imaging – replicated. This already happens.

Spoiler alert: even in a post-password universe, your company’s data and your personal data are not safe. Tech companies will keep coming up with new ways to secure it, and hackers will find their way around. It’s a war that will never end, supported by a multibillion-dollar industry that makes security tools and whose executives secretly salivate every time there’s a new flaw because … hey, better not cancel that subscription, or else!

It is depressing but it is not a reason to give up. As a business owner, you have a fiduciary responsibility over your cash and your company’s data. So you must keep fighting. You make sure your employees are trained to notice potential scams (that’s the No 1 cause of breaches). You pay an IT company to load the latest (and – another spoiler alert – immediately out-of-date) security software on all your company devices. You keep all your operating systems – Windows, iOS, etc – updated. You get cyber-insurance. You back up your data. You do all these things because you’re supposed to. It will never guarantee the security of your data. But it will help minimize your risk.

And it is all about risk. Life is about risk. You take risks when you cross a street, get on a plane, eat at a restaurant. You do this because there are rewards. At work, you risk data breaches because technology helps you do things faster, keep your overhead low, grow sales, make you and your people more productive. You enjoy the rewards of delivery services, mobile payment apps, social media and online betting. Are these rewards greater than the risks of a data breach? For most, the answer is yes. It’s a choice. We know the costs. And we don’t do enough to protect ourselves. We all choose to take that risk.