How To Make Passwords Obsolete - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud
News
4/7/2015
07:06 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

How To Make Passwords Obsolete

Why do we still rely on the human-memorized password for authentication? Here are seven alternatives worth considering.
Previous
1 of 10
Next

(Image: Geralt via Pixabay)

(Image: Geralt via Pixabay)

We've all complained about passwords for years, yet very little has changed. If you had asked me five years ago about the future of the username and password authentication mechanism, I would have proclaimed that the practice would be long dead by now. And I would have been wrong.

That raises two questions: Why do we still rely on the human-memorized password for authentication, and what methods are out there that could finally render it obsolete?

On the following pages, we'll talk about seven of the top password alternatives. Some of these methods, such as fingerprint and facial recognition, have been around for a while, but are being implemented in new areas. Other forms of authentication leverage the popularity of social networking, using our Facebook or Twitter accounts to let us access other applications on the Internet. Still others let us use our smartphones as an authentication mechanism. Whether through the use of geolocation identification, NFC/Bluetooth transmissions, or other app-based authentication, smartphones and other smart devices can act as a set of virtual house keys that grant us access to all of our protected digital assets.

In order for many of the authentication methods presented here to work, there needs to be a change in philosophy in terms of what levels of security are needed. Risk levels need to be determined on a per-application and per-authorization level. If risk levels are low, perhaps a simplified authentication method will suffice. When risk levels are high, by all means lock it down like Fort Knox.

The point is that the password is no longer the best way to authenticate users. Now, it's a matter of choosing the right authentication method for your system or application and implementing the authentication tool that best suits your needs. Check out these promising authentication methods, and tell us in the comments section below whether you think any of them can actually replace the password.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Shantaram
50%
50%
Shantaram,
User Rank: Moderator
4/22/2017 | 4:25:05 AM
Re: 192.168.1.1
Comments to the article are no less interesting than the article, thanks for helping to understand this topic
nomii
50%
50%
nomii,
User Rank: Ninja
4/21/2015 | 3:41:34 AM
Re: making passwords obsolete
And the two step process will become even more annoying if so much complexity is added in the first password that it is already hard to remember. On one side gadgets are placed to avoid memorizing even a phone number but on the other side they are forced to make much effort in order to memorize huge number of complex passwords at a time.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
4/14/2015 | 12:30:23 PM
Re: making passwords obsolete
@nomii - yes you are correct.  It's a hassle for all parties involved - people hate two-steps processes that used to requre only one. 
nomii
50%
50%
nomii,
User Rank: Ninja
4/14/2015 | 3:46:07 AM
Re: making passwords obsolete
@vnewman2: I think it is proven than dual factor authentication is difficult to crack but some companies are still avoiding it either because of extra efforts involved or they have customer base around the globe and it would cost them much higher to send a text every time for authentication. I think a pin code which would last for a month can also be an applicable solution.
nomii
50%
50%
nomii,
User Rank: Ninja
4/14/2015 | 3:33:42 AM
Re: making passwords obsolete
@jaggibons: I agree with you remembering the complex passwords created by the tool would be even difficult. My problem is not with remembering one time complex password even for multiple sites but the problem is when you have to change it every month. I think it would be better if the complexity of the password lower down and replace it with dual factor.
freespiritny25
50%
50%
freespiritny25,
User Rank: Ninja
4/12/2015 | 8:33:56 AM
Re: How To Make Passwords Obsolete
I utilize social log in when it is available. It is a temporary solutuion to memorizing multiple different passwords. 
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
4/9/2015 | 2:38:25 PM
Re: making passwords obsolete
It was so nice when a password was in fact and actual word and not a motley mess of characters, numbers and symbols that no one can remember because it varies site to site and there's no standard naming convention. I am a fan of dual authentication - password + authentication code sent to a device or email you own. It hasn't let me down yet. No one has broken the accounts of mine that have that applied.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
4/8/2015 | 1:41:37 PM
Re: making passwords obsolete
Quite right, I misread the earlier comment. I agree that if we need a tool to help us manage, the thing we're trying to manage in the first place is broken.
Andrew Froehlich
50%
50%
Andrew Froehlich,
User Rank: Moderator
4/8/2015 | 1:36:46 PM
Re: making passwords obsolete
@jagibbons -- I didn't say it was for the lazy. But the fact that you need a seperate tool in order to properly maintain all of your authentication needs tells me that there is something interently wrong with the authentication mechanism in the first place.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
4/8/2015 | 1:33:55 PM
Re: making passwords obsolete
I don't know that I'd agree with a password manager, like Roboform or many others, being a crutch for the lazy. I use one such tool, and it has more than 500 unique and complex passwords stored in it. I use them routinely for work and personal activity online. I couldn't possibly create and memorize that many complex passwords.

The reason 2-factor seems to be better than just a password is that, when implemented properly, requires a theif to have two pieces of information rather than just one. The odds of guessing my complex password while also having a copy of my fingerprint are pretty slim, at least I would hope.

No security access mechanism is perfect. The best solutions utilize a number of components to properly identify the risk based on the user and then require the right number of authentications to make it statistically improbable that the user isn't who he/she says they are.
Page 1 / 3   >   >>
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll