Report: Passwords not going away any time soon

The number of passwords in use will grow from about 75 billion today to around 100 billion in 2020, according to a new report from Cybersecurity Ventures.

Meanwhile, the number of passwords used by machines, such as IoT devices, will grow even faster, from around 15 billion in 2015 to around 200 billion in 2020, the report said.

And these numbers don’t include one-time passwords, SSL encryption keys and other short-term credentials, said Joseph Carson, head of global strategic alliances at Thycotic Software, the company that sponsored the report.

“Passwords have been around, literally, for centuries,” he said.

But over the past few years, it’s become popular to predict their death.

Bill Gates predicted the death of the password at an RSA Security conference in 2004. In 2011, IBM predicted that passwords will be replaced by biometrics and similar security systems within five years.

“It’s now years after those statements were made, and passwords are still in heavy use,” he said.

Where biometric authentication has been deployment, it’s been as an adjunct to passwords, not a replacement.

“The biometrics are used for ease of access to systems,” he said. But passwords are used to establish the initial trusted relationship, and as a fall back when the biometrics fail.

“Biometrics will never replace passwords,” he said.

Joseph Carson, head of global strategic alliances at Thycotic Software

According to Carson, the estimates come from worldwide statistics about the total number of computers, operating systems, servers, routers, and other technologies and applications that come with passwords or require users to create passwords to use them.

“Then there are the social media accounts, which have been growing significantly,” he added.

The average user has 25 or more passwords, he said. There’s no decline in the number of passwords, he said. In fact, the opposite is the case.

“We find that the growth is accelerating at a massive pace,” he said.

And the use — and reuse — of all these passwords is creating an ever-growing attack surface of both human and machine-to-machine passwords.

A record number of credential breaches was disclosed last year, he added — 3 billion, with three out of every seven people having had at least one password or credential stolen.

A report released last week by the Pew Research Center said that for U.S. adults, the number was even higher. According to a survey conducted last year, 64 percent said that they had personally noticed or been notified of a data breach that affected their accounts or personal data.

According to Carson, the financial damages of the breaches will continue to increase as well. Thycotic and Cybersecurity Ventures predicts potential damages from cybercrime to reach $6 trillion by 2021.