How To Make Passwords Obsolete - InformationWeek

4/7/2015
07:06 AM

How To Make Passwords Obsolete

Why do we still rely on the human-memorized password for authentication? Here are seven alternatives worth considering.

(Image: Geralt via Pixabay)


We've all complained about passwords for years, yet very little has changed. If you had asked me five years ago about the future of the username and password authentication mechanism, I would have proclaimed that the practice would be long dead by now. And I would have been wrong.

That raises two questions: Why do we still rely on the human-memorized password for authentication, and what methods are out there that could finally render it obsolete?

On the following pages, we'll talk about seven of the top password alternatives. Some of these methods, such as fingerprint and facial recognition, have been around for a while, but are being implemented in new areas. Other forms of authentication leverage the popularity of social networking, using our Facebook or Twitter accounts to let us access other applications on the Internet. Still others let us use our smartphones as an authentication mechanism. Whether through the use of geolocation identification, NFC/Bluetooth transmissions, or other app-based authentication, smartphones and other smart devices can act as a set of virtual house keys that grant us access to all of our protected digital assets.

In order for many of the authentication methods presented here to work, there needs to be a change in philosophy in terms of what levels of security are needed. Risk levels need to be determined on a per-application and per-authorization level. If risk levels are low, perhaps a simplified authentication method will suffice. When risk levels are high, by all means lock it down like Fort Knox.

The point is that the password is no longer the best way to authenticate users. Now, it's a matter of choosing the right authentication method for your system or application and implementing the authentication tool that best suits your needs. Check out these promising authentication methods, and tell us in the comments section below whether you think any of them can actually replace the password.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ...

Comments
hho927,
User Rank: Ninja
4/8/2015 | 1:04:26 PM
Re: Is the solution more of a pain than the problem
The problem is people don't remember their passwords especially when the passwords are complex.
jries921,
User Rank: Ninja
4/8/2015 | 11:45:39 AM
Facial recognition could work
...as could Star Trek style voice authentication, though in the latter case, apparently it takes both voice recognition *and* a password to blow up one's ship.

 
NJ Mike,
User Rank: Moderator
4/8/2015 | 11:18:43 AM
Is the solution more of a pain than the problem
Yes, passwords can be a pain, but the concept is simple, so everybody understands what is happening. The idea of using individual certificates? Just one more pain in the butt thing to remember when you get a new device/computer. And how many people, especially those not in IT, understand what the heck they are and how they work?

Biometrics sound nice, and I like just swiping my finger on my cell phone to unlock it - but if I cut my finger, good thing there is an old reliable password, as a band-aid renders the finger swipe useless. Will I need to take off my glasses every time I want to do a retinal scan? How much do things like this add to the cost of a device?

Log on using social networks? No f***ing way. I just don't trust Facebook - as another reader pointed out, what if your password there gets compromised? Also, as previously stated, why does Facebook need more information about us? I don't need my activity reported on Facebook as part of one of their new "features".

Yes, passwords are a pain, but they are simple, cheap, and they work.
anon1345044580,
User Rank: Apprentice
4/8/2015 | 10:37:33 AM
Short Sighted
In today's NSA world it seems kinda obvious that it's not enough to make our accounts and devices more secure. They have to be both secure and allow us to keep our privacy (if we want it, or at least have the knowledge of what is being given away). I think biometrics is ripe for abuse. Same thing with geolocation. I like the idea of on demand passwords. Though it is weak from the standpoint of theft, I think that's a bit better than allowing any group to permanently track people's biometrics.
Andrew Froehlich,
User Rank: Moderator
4/8/2015 | 10:27:52 AM
Re: making passwords obsolete
@RockFox - You bring up a great point about password management software. I too use it...and it is a great help. But I think that it's simply a crutch to help us with an authentication mechanism that needs to be replaced with something better.
Andrew Froehlich,
User Rank: Moderator
4/8/2015 | 10:24:36 AM
Re: making passwords obsolete
@mtanenbaum801 -- You are correct. Many examples of authentication are less secure than a standard username/password. I think that much of the problem is that we try to treat all of our authentication the same from a security perspective. 
RockFox,
User Rank: Apprentice
4/8/2015 | 10:20:05 AM
Re: making passwords obsolete
I agree. There is no way I would ever log in anywhere using my Facebook or Google account. These guys already know too much about me.

I use a password manager (RoboForm) that will generate complex passwords that I do not have to remember.  I make them with as many characters as allowed.  I only have to remember my master password.  Of course I have my database backed and stored in a safe location.  I give my master password to my POA and also my executor.
HAnatomi,
User Rank: Apprentice
4/8/2015 | 2:19:26 AM
No cyber life is possible where there is no password.
Something dependent on the password (ID federations, 2/multi-factor, biometrics, etc) cannot be the alternative to the password.   

It is too obvious, anyway, that the conventional alphanumeric password alone can no longer suffice and we urgently need a successor to it, which should be found from among the broader family of the passwords and the likes.
soozyg,
User Rank: Ninja
4/7/2015 | 8:46:58 PM
multiple users
As the mother of two children who each have their own cell phone, I would ask that the security not get more complex. Verizon has a program (Family Something....) that emails me everything coming and going from my kids' phones, but I would like to be able to get into those phones any time. So hopefully, whatever new security is created, it allows for multiple users.