While various cybersecurity professionals have suggested that over the next few years passwords will be replaced by other forms of authentication, a new report published by analyst firm, Cybersecurity Ventures, states that the number of passwords in use is actually growing rapidly, and will likely surpass 300 billion by 2020.
The report, entitled The World Will Need to Protect 300 Billion Passwords by 2020, and jointly produced with cybersecurity product vendor, Thycotic, concludes that in just a few years, humans will be using over 100 billion passwords, and connected machines - the number of which continues to grow on an daily basis - will themselves utilize in excess of 200 billion passwords. While estimating such numbers may sound like an academic exercise, if the estimates turn out to be even remotely correct our society faces a substantial challenge: how do we effectively protect so many passwords?
Over the past few years we have seen literally billions of passwords stolen - with some estimates pegging password loss in 2016 alone at over 3 billion (that averages out to almost 100 stolen every second, or over 8 million stolen per day!). With an already less than stellar performance record, how is the world going to be ready to defend many times more passwords in just a few years than it has to now?
According to the report, much of the password growth is from Internet-of-Things devices; such an argument makes sense: while the number of people online is estimated to grow from about 3.4 billion in 2016 to a little over 4 billion by 2020, the number of connected devices is expected to skyrocket from about 15 billion in 2015 to 200 billion in 2020.
On that note, it is important to realize that with an increasing number of connected devices being utilized in medical and industrial facilities, the consequences of IoT password breaches could easily include people dying. And, as we learned last year, many IoT devices lack adequate security - to put it mildly.
How the dust will ultimately settle in terms of IoT security is yet to be determined, but, two things are clear vis-à-vis passwords: 1. Everyone who uses technology is likely going to have to continue to protect his or her passwords for quite some time to come, and 2. cybersecurity professionals are likely going to have a big job on our hands to improve how we protect a rapidly growing password ecosystem and infrastructure.