August 09, 2017

Death of the Password

Issue 6: Death of the Password

In the IT sector, passwords have nearly always been more trouble than they're worth. Users are constantly encountering issues with passwords, such as forgetting them or giving them out. Passwords themselves aren't really all that secure in terms of authentication -- and they can be highly variable in how secure they are. Luckily, new developments in technology have made it easier to sidestep the problem entirely, through the use of more advanced security and authentication measures.

The Problem With Passwords

  • Passwords are not user friendly. Users have difficulty remembering passwords. Passwords that are secure tend to be highly complex and thus difficult to remember, which leads users to write them down or save them on their computer or their phone -- and that is an action that is inherently insecure.

  • Passwords don't verify identity. At most, they verify that someone knows the password. Anyone can "know" a password, whether it's by subterfuge (such as looking at a notepad that it is written on) or by intent (such as the password being shared among multiple people). Because of this, a password doesn't really tell a system anything.

  • Passwords can be guessed. As technology increases in complexity, it becomes easier to guess passwords through dictionary attacks, brute-force attacks, and other techniques. A password is something simple enough for a human to remember, which does put an upper limit on its complexity.

  • Passwords are high cost. Because of the issues above, passwords tend to carry a high IT burden. In fact, many IT professionals spend quite a lot of time simply resetting passwords and restoring user accounts -- specifically because passwords are not user friendly.

Biometric Scanning Paves the Way for a Password-Less World

Biometric scanning is preferable to passwords in nearly every way. Biometric scanning truly identifies an individual, as it cannot be traded and is unique to that individual. Biometric scanning is also far easier for the user, as they only need to scan their eye, finger, or palm in order to log into the system. An easy-to-use system, in turn, reduces the overall administrative burden for a company or system.

In the past, biometric scanning was prohibitively expensive because of the precision necessary in the technology involved. But technology has advanced to the point where biometric systems can be easily installed in home computers and smartphones, making them far more likely to be utilized for things such as payment gateways. As the adoption of biometric scanning increases, it's very likely that password usage will decrease.

The Use of Two-Factor Authentication

Highly secured systems nearly always used two-factor authentication. This meant that two items had to be provided: generally a password in addition to a physical item, such as a key or key card. In the early days, many expensive software suites were further secured through the use of a "dongle", which was a device that would need to be plugged into a USB port in order for the system to activate. These systems were far more secure than just a password -- and this is what we are seeing in payment methods today.

Two-factor authentication is commonly being linked into email accounts and text messaging, so that when devices log into secured networks they also need to verify that the user has their phone (or access to their email address) in addition to their login information. This is far more secure, as it resolves some of the inherent issues with passwords (such as not being able to truly authenticate identity). When combined with biometric scanning, two-factor authentication can create an exceedingly secure and easy-to-use system.
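The phone or email check described above, sketched as an added example that is not part of the original article: the server issues a short-lived one-time code and accepts it only once, before it expires, and within a small number of attempts. The class name, parameters and defaults are assumptions for illustration, and delivering the code by SMS or email is left to the caller.

```python
import hmac
import secrets
import time


class OneTimeCodeVerifier:
    """Hypothetical second-factor check: issue a code, accept it once."""

    def __init__(self, ttl_seconds=300, max_attempts=3, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock        # injectable so expiry can be exercised in tests
        self._pending = {}        # user -> [code, expires_at, attempts_left]

    def issue(self, user):
        """Create a 6-digit code; the caller sends it to the phone or email."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        # Issuing again replaces any earlier code for this user.
        self._pending[user] = [code, self.clock() + self.ttl, self.max_attempts]
        return code

    def verify(self, user, submitted):
        """Return True only for a correct, unexpired, not-yet-used code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self._pending[user]               # expired or locked out
            return False
        entry[2] = attempts_left - 1              # count the attempt first
        # Constant-time comparison does not leak how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user]               # single use: a replay fails
            return True
        if entry[2] == 0:
            del self._pending[user]               # guesses exhausted
        return False
```

The attempt limit is what keeps a six-digit code from being guessed: without it, the one million possible values can simply be tried in turn.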

It's very likely that passwords are going to become obsolete within the decade. Smartphones and other mobile devices are now coming with biometric scanning standard, and other systems are now using two-factor authentication that requires a physical item or access to another system entirely. While there may always be PINs or similar pass codes, it's very unlikely that passwords are going to remain the dominant method of security much longer.