Let’s get rid of all the passwords

By Gary Stevens

Can you imagine an online world without passwords? Probably not, but the fact is that passwords have always come with risk. No one understands that better than Microsoft founder Bill Gates. The 21st century was barely underway when Gates predicted that technology would one day replace passwords with options that are more secure.

What you may not know is that some of those alternatives are already up and running. Thanks to advances in artificial intelligence and advanced biometrics, we’re poised to get rid of passwords altogether. Here’s what you should know about these newer approaches to information security and what they could mean for you.

Understanding why we want to get rid of passwords

Why get rid of passwords? The fact is, they don’t provide that much security. Factor in our human tendencies to not manage passwords effectively and it’s no wonder we need something better.

Password sharing is one of the biggest risks we face today. Unfortunately, many people see this as a non-issue. They see nothing wrong with sharing passwords with co-workers or family members. The idea that sharing increases the risk of passwords getting into the wrong hands escapes them.

We also get lazy when it comes to coming up with passwords. All too often, we go for something that we can remember easily but that also happens to be simple for software programs to figure out. Add to that the casual approach we take to updating passwords on a regular basis and it’s a wonder that more of us don’t have our personal information stolen.

Given the fact that human nature is not likely to change any time soon, we need something better than passwords. In a sense, these newer methods protect us from ourselves as much as they protect us from outside threats.

What are the most promising alternatives?

There are a number of password alternatives that show a great deal of promise. Some of them are updated versions of older security measures. Others are brand new and getting a lot of attention. Here are some examples of alternatives that may soon be mainstream.

Facial, fingerprint, and retina scans

Biometrics is a password alternative that is already seeing some early adoption, most notably in recent versions of the iPhone. The attraction to using methods like fingerprint scans, retina scans, and even facial recognition is that they utilize unique features of the user, which would be challenging to replicate.

These scans eliminate one of the major issues with password creation and management: There’s no need to remember to update passwords after a time, or constantly come up with unique combinations that you can remember but others cannot easily guess.

Persona-based authentication

Persona-based authentication identifies an individual based on things like location and behavior. Simply put, if someone attempts to access your account from an unusual place or in a manner that’s unlike what you’ve been known to do in the past, the effort is shut down. Until you respond and confirm that it’s you making the effort, no one is getting in.

Think of what this means in terms of someone attempting to access and use one of your accounts from a place you’ve never been before. If you’re typically someone who sticks close to home, the location alone is a red flag. While this type of authentication could lead to situations where you have to confirm that you really are visiting a new place, that small inconvenience is worth the superior protection.

Two-Step Verification

Two-Step Verification, also called two-factor authentication or 2FA, has been around for some time and will likely remain in place as passwords are slowly phased out.

This approach involves creating a second code that must be entered along with your username and password to access your account. Unlike a password that you assign yourself, it’s the account issuer who controls the constantly rotating code. That code is also time-sensitive and will only be functional for a short time. The controlled update of the secondary code provides more security than your passcode can create alone.

Google’s Trust Score strategy

Always at the forefront of technology, Google has their own ideas about account security. One approach that’s already being tested is known as a Trust Score. This strategy assigns the user a score based on data points to identify individuals. Some of those points include elements of biometrics as well as AI, including facial recognition and typing patterns. The goal is to eventually replace passwords with a Trust Score.

How will getting rid of passwords affect security?

There’s no doubt that getting rid of passwords will impact online security in a good way. This is true for businesses as well as individuals. Newer methods, many based on artificial intelligence algorithms, are harder to breach, which helps to reduce the risk of cyber-theft. The result is sturdier approaches to cybersecurity that guard against everything from illegal access to blog controls to the theft of client lists or financial data.

When will passwords go away?

With all of these ideas either in limited use or about to be launched, when will passwords go the way of the floppy disk? Don’t expect them to leave us just yet and know that it won’t happen in one fell swoop. It will take time and effort to teach people how to make the most of new identity security approaches. There’s also the need to ensure that newer methods work consistently.

In the meantime, expect to keep using passwords, but swear to yourself that you’ll do it better. Another way to improve the current situation until the future arrives is to use a password manager, which is a software program that creates and remembers more complex passwords than a human can.

A password manager helps you keep up with active passwords, reminds you when it’s time to change one, manages the two-factor authentication process, and in general helps you sidestep some of the risks inherent in using passwords.

The best password manager programs on the market today should cost no more than five bucks a month and will provide the kind of password complexity and login simplicity that exceeds what any one person (short of that guy on Jeopardy) can achieve.

The bottom line

Keep up to date on what’s happening with these alternatives, because the big shift away from passwords is likely to happen sooner rather than later. In fact, it might not be a bad idea to take some of the alternative technology that’s already out there for a test run. For example, have you seen those computers that scan your fingerprint rather than require a password to log in?

Next time you buy a laptop or smartphone, look for a model with that technology. As hard as it might be to fathom right now, someday you won’t have to remember a single password.

Gary Stevens is a front-end developer. He’s a full-time blockchain geek and a volunteer working for the Ethereum Foundation as well as an active GitHub contributor.