Why Big Tech Wants You To Ditch Your Password
2,530,726
Published 2020-01-21
Update (January 21, 2020): A website mentioned in this video, WeLeakInfo, was shut down by the Federal Bureau of Investigation and other law enforcement agencies on Friday, Jan. 17, 2020. The site claimed to have more than 12 billion usernames and passwords from more than 10,000 data breaches.
Passwords are a very serious and expensive security risk. A report by Verizon looked at 2,013 confirmed data breaches and found that 29% of those breaches involved the use of stolen credentials.
Another study by the Ponemon Institute and IBM Security found that the average cost of a single data breach in the U.S. was more than $8 million. Even when passwords are not stolen, companies can lose a lot of money trying to reset them.
“Our research has shown that the average fully loaded cost of a help desk call to reset a password is anywhere between $40 or $50 per call,” says Merritt Maxim, vice president and research director at Forrester.
“Generally speaking, a typical employee contacts a help desk somewhere between 6 and 10 times a year on password related issues,” Maxim said. “So if you just do the simple multiplication of six to 10 times, times 50 dollars per call, times number of employees, in your organization, you’re talking significantly hundreds of thousands of dollars or even potentially millions of dollars a year.”
» Subscribe to CNBC: cnb.cx/SubscribeCNBC
» Subscribe to CNBC TV: cnb.cx/SubscribeCNBCtelevision
» Subscribe to CNBC Classic: cnb.cx/SubscribeCNBCclassic
About CNBC: From 'Wall Street' to 'Main Street' to award winning original documentaries and Reality TV series, CNBC has you covered. Experience special sneak peeks of your favorite shows, exclusive video and more.
Connect with CNBC News Online
Get the latest news: www.cnbc.com/
Follow CNBC on LinkedIn: cnb.cx/LinkedInCNBC
Follow CNBC News on Facebook: cnb.cx/LikeCNBC
Follow CNBC News on Twitter: cnb.cx/FollowCNBC
Follow CNBC News on Instagram: cnb.cx/InstagramCNBC
#CNBC
Why Big Tech Wants You To Ditch Your Password
All Comments (21)
-
Passwords aren't sufficiently secure & it costs companies millions to recover. Saved you guys 17 minutes.
-
A user is at fault for a weak password. Companies are at fault for: - public facing databases with no / default passwords, - not securing user passwords (hash + salt, etc...) - forcing dumb and insecure security schemes (security questions, what's your first pet, etc...) - disclosure of personal information via insecure API's and such, - not disclosing being hacked in a timely manner - sharing user personal details with and without consent, The list goes on.
-
Windows hello at work: "Your face will expire in 3 days. Your new face must contain a special character"
-
I love how a lot of companies force you to reset your password every 6-8 months; depending of the company. And everyone is complaining that changing passwords is expensive. You’re literally forcing us to change them.
-
This doesn't allow users to share prime and Netflix passwords
-
As a former developer, that line "keep 20-40 passwords" just hit me in the soul lol. I have a whole folder, filled with passwords and usernames jotted down on paper. Whenever I had to clear my cache, I cried a little.
-
I read an article in Russian that recommended disabling all face and fingerprint recognition on your devices and instead use a password. The reason for that was the fact that a policeman can unlock your device without your permission and see your contacts, communication, etc., for example after arresting you during a peaceful protest
-
you can't get a court order for a persons password, but you can use their face / fingerprint to unlock secured items like phones etc.
-
-
Tech companies: Don't use passwords, use fingerprints which can identify you even if you're unconscious Hong Kong Police: Excellent!
-
This is literally just a push from big tech to get a hold of even more of your personal data
-
9:22 I'm glad that the director of the FIDO alliance is telling us that FIDO protects our privacy. Definitely a completely unbiased opinion from his side.
-
Jan 21 - There's a site called weleakinfo.com Jan 22 - U.S Department of Justice - Say no more
-
Blames user for using passwords. Never blame themselves for having a weak security system and infrastructure. Pretty crappy way of avoiding lawsuits.
-
The ultimate advantage of passwords are: You can't steal it from the person's mind !! Finger print: you can unlock someone's phone when they're sleeping by simply placing the owner's finger. Face ID: Similar to above
-
Companies: get rid of passwords, they are not secure Also companies: password required after phone is restarted
-
One thing this report failed to say… The same Password still required to reset, change or even remove biometric security
-
$50 a call to reset a password? Come on it takes 2-5 minutes of someone that gets paid about $12 an hour...I know I use to be that $12 an hour person long ago.
-
Individuals protect their passwords. I know I do! Corporations don’t seem to be able to protect our passwords. They get hacked all the time. So they don’t want passwords because they can’t protect our passwords. Then they would be legally liable. That actually makes sense.
-
This seems like legit big brother. The NSA can't crack our complex 20 digit passwords, so they are going to force us to use face-id and then they can just hold the phone in front of us... and boom handcuffs for having the wrong opinion. Yes, I know I am paranoid. Honestly, just don't want my wife to get in my phone while I sleep.
