Our online lives revolve around passwords. Whether it’s checking social media, accessing emails, watching Netflix, shopping through a website or checking a digital bank balance, we securely access our internet valuables through random combinations of letters, numbers and punctuation marks. At least, it is supposed to be that way. While passwords have been an integral part of encrypting private information for the past couple of decades, many businesses and websites are now opting to omit them. In lieu of the latest string of cyber-attacks, including the infamous Cambridge-Analytica hack on Facebook during the 2016 U.S. presidential election and the State Department’s recent email breach that exposed employees’ personal information, passwords no longer seem like a secure system to rely on.
But if passwords aren’t reliable, what are the alternatives, and are they actually safer? Let’s dive into the history and context of password use, and identify key alternatives transforming how computers and similar devices verify users.
Passwords before the Digital Age
Passwords existed long before modern technology and the internet. Historically, passwords have been used for many clandestine tasks, including encrypted communications, access to private establishments and distinguishing identities. It was not until 1960 that MIT’s Fernando Corbato introduced them to computers as a way to keep individual files private. Fast-forward to the 1980s, and computer buffs started grasping how to decrypt code. As more people gained access to the internet in the 1990s, and became more experienced with the coding processes, online private data storage became vulnerable to hacks. Once hacking went mainstream, technology and security experts became concerned about preventing the compromise of personal information.
Bill Gates predicted the demise of passwords almost 15 years ago while speaking at the RSA Security Conference in San Francisco, stating passwords cannot “meet the challenge” of keeping critical information secure. Since then, many enterprises have heeded the Microsoft founder’s words and developed other ways of executing online authentication.
Forgot Your Password?
But security concerns aren’t the only factor for avoiding passwords. The reality is, passwords are not only becoming easier to hack, but downright inconvenient for users. Just think — how many different passwords do you remember on a regular basis? Around five? Maybe 10? That may seem sufficient, but according to a Password Expose report, the average person has 191 different passwords. That is a huge number of phrases and letter combinations to have to remember. With that many to recall, people are bound to forget their passwords from time to time — which is why 61 percent of people use the same or similar password for their various logins. While employing such a system may make it easier to remember passwords, it also makes it simple for hackers to gain access to your accounts. Thankfully, corporations have long been developing practical ways to prevent regularly occurring password hacks. The most popular solution at the moment is two-factor authentication, which requires an additional step, such as CAPTCHA or security questions, after you’ve entered your password. Password managers are another useful tool that not only assists with creating stronger passwords, but also helps people remember them, and automatically logs into websites labeled as favorites. While these particular methods do not eliminate passwords, they provide an added layer of security and convenience. They may not solve the core problems with password security, but they support and protect the current security system as other forms of authentication are still in development.
Alternative Authentication Solutions
One such up-and-coming solution is Web Authentication (WebAuthn), a credential management API that is built directly into web browsers, allowing users to register and authenticate with web applications using an authenticator. The most popular form of WebAuthn is biometrics, encompassing the various forms of facial, voice and fingerprint recognition. While facial recognition is already standard on iOS, the technology could eventually replace use of a login passcode altogether. Facial recognition could potentially be implemented into websites, which can scan your face through your computer, tablet or phone, providing a quick and easy alternative to typing passwords. Voice recognition is another simplified way of authenticating. It is already commonplace in households with devices like Amazon Echo and Google Assistant, and banks have started to allow customers to use the aforementioned voice-activated digital assistants to check their balances and make credit-card payments without logging in.
Though not as extensive as passwords, fingerprints also have a history of use as a means of identification. Thanks to the high level of uniqueness for each individual’s fingerprint, it has become a standard to identify authentication with organizations like a forensics lab or the Department of Motor Vehicles. Most consumers already possess smartphones that have the option of using a fingerprint to login rather than typing in a passcode. And soon laptops will utilize biometrics to authenticate users, both for logging into the computer itself and for web accounts.
Another proposed solution is Geolocation Identification, which utilizes a user’s mobile device to track their location and provide authentication services wherever they are needed. Geolocation allows an organization to send a user a push notification to authorize transactions, or allows the financial service to access the user’s GPS location. Then, by cross checking the tracked location of the transaction against the user’s location, they can verify the user is in the corresponding vicinity in which the transaction is requested as a method of identification. It’s hard to tell which of these options will ultimately come to replace passwords, but it is undeniable that they offer far superior solutions since they are difficult for hackers to replicate.
The Future of Passwords
Given the immense benefits of the aforementioned substitutes, it’s hard not to conclude that password systems will soon be obsolete. That said, many of the solutions are still being developed and will take years to become perfected and popularized, so passwords will stick around for a while longer. Ultimately, the timing for the future of passwords comes down to how long society is willing to stick out security breaches and endless lists of passwords, combined with how fast developers can work to perfect new encryption methods.