The demise of passwords
Passwords have been all over the news for all the wrong reasons for some time now. They are being compromised more easily every day. The death of passwords seems inevitable right now. Bill Gates foresaw their demise back in 2004. What was the reason for this? Are there any alternatives to good old passwords?
Passwords are beginning to show their age
They’re too old an idea. One year in the tech world is a lifetime for certain products. That’s the pace at which technology is improving. With that in mind, consider that the concept of passwords was created in the 1960s. Yep, it’s almost sixty years old. This means that passwords are basically living fossils in the tech world. The ease with which a password can be compromised should be indicative of the end of its lifespan. Hackers are getting smarter, and the number of ways in which passwords can be retrieved without consent is only increasing. When problems keep arising in something over time, it means that it’s getting old. When those problems become grave, it’s time to say goodbye. There are many alternatives to passwords, and some of them are used in combination with passwords for enhanced security. More on that in a while.
Our sloppiness isn’t helping the case
Passwords are slowly becoming cumbersome to people, as the number of places where passwords are required keeps rising. Having to memorize so many passwords is a chore, so people decide to reuse passwords, which happens to be a terrible idea for security. According to LastPass, 59% of the people they surveyed reused passwords for multiple accounts. It may be a comfortable practice, but it results in a domino effect. If one of your accounts gets hacked, and if you have used the same password for several other accounts, you can say goodbye to them too. Also, we have a great habit of creating super-strong passwords, such as … “password”. These passwords have been used, cracked and reused repeatedly. They are first in line to fall. Weak passwords are also entry points for hackers into enterprises. A Verizon Data Breach Investigations Report says that 81% of all security breaches happened due to either stolen or weak passwords. If this doesn’t stop you from using ‘123456’ as a password, I don’t know what will.
There are more advanced and cooler solutions
Scrutiny of Identity and Access Management (IAM) trends in 2018 reveals several interesting developments, among them the slow phasing out of the simple password and various alternatives popping up in its place. Out of all these trends, the most popular ones have been biometric and multi-factor authentication systems.
Biometric authentication
Biometric authentication systems were once used in heavily secured areas. However, they have since trickled down to consumer products. Smartphones and laptops come with fingerprint and iris scanners, and even facial recognition systems. All those seemingly impossible gadgets from Star Wars and the James Bond movies are resting in our hands. With the boom of artificial intelligence, there have been developments in what is called behavioral biometrics. Machine learning programs can monitor and learn a person’s behavior patterns, such as the way he or she walks and types on the keyboard. Over time, they can detect an anomaly in that person’s typical behavior patterns. Such authentication systems can be placed at entrances, where they authenticate people based on their walking patterns. They can also monitor the computer usage pattern of someone to detect if someone else is using a computer apart from the designated person. These systems can go a long way in enhancing security. In theory, such programs can detect that something is wrong by the way you drink coffee. This is scarily mind-blowing.
Multi-factor authentication
Multi-factor authentication, especially two-factor authentication, is becoming a widely adopted practice right now. It’s a simple solution that utilizes hardware we already have, like our smartphones, unlike biometric authentication systems, which require separate hardware implementations. Many banking services and even some account authentication services use two-factor authentication. They usually ask for a password (yes, the dying password may have a second chance to prove that it’s still worthy), and then send a push notification to another device or a one-time password (OTP) that should be entered within a stipulated time. Push notifications are usually sent to a trusted device, such as our smartphones. OTPs are sent to our e-mail or through SMS to the phone number that we give. These methods require us to have a credible source for the second authentication, one that we usually always carry around with us. Device-specific authentication is also a practice, wherein a specific device, such as a USB stick or, again, our smartphone, acts as a key to authenticate ourselves.
These days, data is right up there with precious metals in terms of value, if not higher. Naturally, we have to protect this data from malicious attacks. For that, relying on a sixty-year-old technique definitely doesn’t seem to be a logical idea. Modern problems demand modern solutions, and I believe it is time to move forward to keep our information safe where it belongs.