Solving the password problem
Why do we still use passwords?
Can’t think of a reason? Neither can most security professionals. Passwords are cumbersome for customers to use (even the FBI’s most wanted cybercriminal used his cat’s name as a password) and don’t offer the level of security businesses need.
While there has yet to be a technology worthy of replacing passwords, competition is fierce. The following are the three major contenders and the likelihood of whether or not they will be dubbed “the new password.”
Probably not: Fingerprints
It may feel fun and futuristic to gain access to your data using fingerprints, but, in reality, it is not logical. Nicholas Percoco, vice president of strategic services at IT security firm Rapid7, put it best when he said, “If you think about your fingerprint, every single thing you’ve touched since you woke up this morning has your password on it.”
If you want to take it a step further, what happens when your fingerprint is compromised? You can’t change your fingerprint like you can a password.
Maybe: Digital tokens
Tokens are a popular contender because they are so user-friendly. Digital tokens are a smartphone-based version of physical tokens. Instead of having a key fob or USB for authentication, unique data (such as an image or sound) would simply be sent to someone’s smartphone for login authentication.
Digital tokens will likely have their place in the future of security, but it will be hard for them to replace passwords in their current state; there are just too many drawbacks. What do those without a smartphone do? What happens when your phone dies? What if you phone is stolen?
Definite possibility: Two-factor authentication
The great thing about two-factor authentication is that it does not involve dramatic change. Businesses don’t like to pay for the tools to change and customers tend to be stuck in their ways.
Two-factor authentication would most likely utilize passwords as one of the factors and image recognition or a text message as the second. After major password breaches like Heartbleed, this is the password alternative many businesses are turning to – at least for the short term.
Experts are predicting that 2015 will mark the end of the password; what do you think? Will passwords continue to be the go-to security choice or is different technology going to take over?
