Passwords are supposed to help secure our accounts and keep them private. However, they are often a dangerous security vulnerability because people don’t heed the warnings: they reuse passwords, neglect to change them, leave the default password in place or use weak passwords. With this in mind, Microsoft recently made a statement declaring that the password should have a target on its back. It needs to be killed off. Why so harsh? They say passwords are relics from the past and should go the same way as AOL CDs, Betamax, PDAs, CRT monitors and floppy drives.
In 2003, the National Institute of Standards and Technology issued guidance on setting up strong passwords. We still use that same guidance today: frequent changes, special characters, numbers and a capital letter. The Wall Street Journal interviewed Bill Burr, the now-retired engineer responsible for putting together those guidelines, and he simply states the problem we all experience: “It just drives people bananas and they don’t pick good passwords no matter what you do.”
If the password should die, what do you think should replace it?
Microsoft, Google and Apple have all taken a similar approach. The new password, they believe, is you.
Rather than remembering obscure number/letter combinations, coming up with long passphrases or using a password manager to supplement your memory, your biometric information becomes your key. Would you feel more secure knowing that your face, fingerprint or irises are what you need to access your accounts?
It’s interesting to imagine the reasons you could get locked out of your account. Watch out for getting a black eye!
“I can’t access my bank account.”
“It can’t read my face with my puffy, swollen eye!”
If you want to implement a better system than passwords for your website or apps, you could start by checking out FIDO, which “enables enterprises and service providers to deploy strong authentication solutions that reduce reliance on passwords and protect against phishing, man-in-the-middle and replay attacks using stolen passwords.”