Passwords… When will we learn?

Last updated: 21 March 2014

The news that “123456” has replaced “Password” as the worst password of 2013 (covered here by Ina Fried) could be taken as a positive. After all, “123456” is at least marginally less obvious than “password”. However, it should also act as a wake-up call for those who still believe a mere password is the most appropriate means of authentication for e-mail, banking and other accounts in need of verification.

As I highlighted in September last year, humans aren’t wired to remember passwords, which is why we see laughably weak passwords such as “123456” in use today. If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Unbeknown to many, there are now numerous innovative and safe ways to authenticate users without passwords, as well as methods which still use passwords, but only in conjunction with multiple layers of protection, known as multi-factor authentication. These solutions include innovations such as smart cards, tokens, readers, and our newest release, CloudEntr, a single sign-on solution enabling secure access to web-based business applications.

Multi-factor solutions such as these, in particular those which can operate without passwords, are the future; any company with the security of its customers and employees in mind will understand this by now. The password and its many flaws are already losing support from the biggest players: Google and Facebook are now developing physical tokens to replace passwords in an effort to enhance security.

Whether this will be successful remains to be seen, but physical tokens aren’t the only password alternative being developed. In early 2013, Motorola presented the bizarre “Edible Password Pill” to the world, a pill that essentially turns your body into a password. However, it should be noted that this innovation from left field is yet to hit the shelves.

Nevertheless, the attraction of passwords is fading, and soon, as John Fontana predicts, authentication will push passwords out to pasture, potentially forever. When this happens, passwords will inevitably be consigned to the past, as they probably should be.

Do you see a future for passwords? Or is secure authentication already the present and future for your business? Let us know in the comments section below or tweet to us @Gemalto.