by Finn Jensen, CEO of FastPassCorp
The humble password must have read its own obituary many times in recent years given the number of “Passwords are dead” articles that have been published. At a Gartner conference, I recently saw the headline “Walking dead – the password.” But is it really dead? In a recent article posted by SecurityWeek, it was stated that the number of passwords will grow to 300 billion by 2020. This seems to contradict the reports of the demise of the password. So as the number of passwords seemingly continues to increase, why don’t we recognize this and do our best to help the password survive into the future as a strong companion for guarding the doors to our online presence?
Password – you’re OK! Not OK like in perfect. Sure, you have your deficiencies and challenges, but you certainly have strengths and benefits too, which should kick that obituary out to a far-away future!
But why do so many experts want the use of passwords to die and disappear? Is it because of the risk that users are unaware of how to protect their passwords, and then share them too freely with others? Or is it because other alternatives exist? Though these alternatives may be handy and convenient, they too carry a cost and could potentially be misused by determined high-tech criminals. Some security experts even claim that regardless of the credentials of any system, it is only a question of time before it is breached.
On the other hand, it’s also worth remembering that passwords don’t cost anything, they are instantly available, they can easily be replaced if forgotten, and all types of systems accept them as credentials.
As stated above, all credentials possess risks. For the “more important” systems, users, and situations, multi-factor authentication should always be used. But here, the use of passwords is the perfect companion to other credentials for each user. The traditional categorization of creating good authentication credentials still makes good sense:
With multi-factor authentication, we combine credentials from these different categories. It is extremely difficult for any criminal hacker to breach them all. It is hard to understand why the first category: “Something only I know” = passwords, should be excluded from the authentication process.
So clearly, passwords are not dead yet. The question is whether it will ever be a good idea to kill them off. Those who want to kill the use of passwords should present a viable alternative first and justify that the alternative is better than the use of passwords.
Meanwhile, password guardians must take extra steps to secure them better. This means improving the processes while reducing the cost of password systems (such as assistance to users for forgotten and locked passwords). This is easier and cheaper than throwing passwords away and embarking on new methods that might be a bad choice in the long term. One great example of such a method is the SMS one-time password (OTP), which a few years ago was seen as the natural replacement for passwords. Today, however, this method is considered riskier than passwords.
With all the amazing benefits we can get out of the Password when partnered with advanced credentials, the Password is freer than ever to move forward and ignore the naysayers. Password, you are not dead yet! With the right support from us, your human friends, you can even be secure and efficient enough to enjoy a long future yet!
Long live our passwords!