Are passwords passé?
Increasingly, other security measures are replacing the password, reviving the debate over whether passwords have outlived their usefulness.
ZDNet.com reports, “Microsoft has already outlined how it plans to kill off passwords in Windows 10 using a combination of multi-factor authentication and biometrics via Windows Hello, a service it says is being used by more than 47 million people.”
Both in the United States and overseas, governments are striving to ramp up online security with password alternatives.
ZDNet.com notes, “Earlier this year one UK bank said it was planning a trial allowing customers to access their accounts using their face or fingerprints using Windows Hello, and just this month the National Cyber Security Center, the UK's cyber security agency, updated its guidance to say that government organisations should use Windows Hello for Business as part of their Windows 10 deployments.”
And Securityweek.com reports, “The state of California recently passed a bill that requires the manufacturers of connected devices to use unique hardcoded passwords for each device manufactured. The bill, meant to combat the widespread use of weak passwords in connected devices such as Internet of Things (IoT) products, also demands that manufacturers implement a security feature in their devices to require users to select new means of authentication upon first use.”
The debate over passwords and password alternatives reaches back decades.
CNet.com reported in 2004 that Microsoft Chairman Bill Gates foresaw the end of passwords, predicting that other security measures would meet the need.
At the time, Gates said: "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."
So why are passwords still around when smartphones now have the sensors, cameras and processing speed to make biometric authentication a real option?
ZDNet.com explains, “Insecure, annoying, expensive – passwords would have been got rid of long ago except that the fundamental concept is easy to implement and easy to understand. But the end of the password is finally coming into view.”
With mounting pressure to protect ever-larger amounts of online data, passwords will likely be phased out. When is hard to predict, but recent advances strongly hint that it may be sooner rather than later.
The Star, a Malaysian news website, notes that in April, “Web standards bodies World Wide Web Consortium (W3C) and Fido Alliance announced WebAuthn, a new web authentication standard that lets users replace passwords with more secure login methods like biometrics.”
FIDO supports worldwide standards that “deploy strong authentication solutions that reduce reliance on passwords.” Facebook and Google already use FIDO Alliance's services for login authentication, but now, with the support of W3C, more sites and services can use WebAuthn to eliminate the need to use passwords as a login method, reports The Star.
Today, passwords are still the first defense against data breaches. However, human nature often undoes the best efforts to develop secure passwords. Experts have recommended random assemblies of letters and numbers and/or passphrases, but users often fall back on familiar words or phrases to access their devices. We strongly recommend adding two-factor authentication, which is available on most devices. Something you know, like a password, plus something you have, like a code generated by an authentication app on your smartphone or received in a text message from an app, is far better than relying on a password alone.
For more tips on how to keep your data safe, download our free white paper: Oh the Humanity! The Role People Play in Data Security.