Are Passwords On Their Way Out?
What is your name? Quest? Favorite color? Are passwords no longer necessary in the digital world?
Once upon a time, internet passwords were simple. One password would work on almost every website, there were no two factor authentication logins and the only PIN code most people had to remember was for their bank card. Sadly, high-profile database hacks and data thefts have compromised passwords to the point where experts recommend having a unique password for every website a person is registered with. Otherwise, one parcel of lost data can jeopardize the safety of every active account sharing those login details. As a consequence, the average internet user now has over a hundred passwords to remember.
Does It Have To Be So Hard?
The waters are further muddied by bewildering (and often contradictory) password requirements among service providers. Software will refuse to accept passwords that are the wrong length, use ascending numbers, don’t feature a mixture of uppercase and lowercase alphanumeric characters and symbols, have been used before, or simply aren’t deemed to be ‘strong’ enough – though the criteria for what qualifies as an acceptable password varies widely. Then there are sites that generate their own unique user IDs, unique passcodes and/or unique PIN numbers. Some sites will lock people out after three unsuccessful login attempts for certain periods of time, and may even freeze their accounts until their identity is proven.
Little wonder that the technology sector is focused on developing replacements for this dated and increasingly unmanageable method of user recognition. These are the options most likely to supplant Post-It notes covered in scribbled login credentials:
Password Management Tools
Rather like a skeleton key that can open a hundred locks, online password management tools govern numerous websites at once. Users create a complex passphrase that could realistically only be hacked by a quantum computer. The tool stores all their passwords for third-party websites, preventing each site demanding unique login credentials on every visit. Providing these master databases are buttoned down with impregnable levels of security, password management can allow users to access hundreds of different sites with ease.
Biometrics
Some smartphones can now be unlocked with a thumbprint or fingerprint, provided those digits are clean enough. Other than holding someone hostage or cutting off their extremities, biometrics can’t be cheated. There is no clear leader in this field at present, with a variety of devices scanning fingerprints, faces, irises and even vein patterns. Nonetheless, the enthusiasm for biometrics among military institutions suggests this will become increasingly mainstream; computers may use webcams for iris scans, or introduce smartphone-style fingerprint recognition panels.
Voice Control
This is a less definitive method of identification, since mimics or high-quality recordings may potentially be able to trick voice recognition software. It’s also unclear how medical conditions like flu or a stroke might affect a person’s ability to establish their credentials. However, Interactive Voice Response software is being adopted by online banks, and voiceprints can now act as legally binding signatures.
Access Granted
Although these are all competing technologies at present, it’s likely that one of the above systems – probably biometrics – will come to the fore. Websites may even drop their own security layers if they know each end user has been authenticated by their computer, smartphone or tablet. However, as with today’s password databases, the safe storage of this information is vital to prevent criminals altering databases or overriding security protocols. Those data centers and service providers will need their own layers of security, which means we may not be completely rid of passwords for some time yet…