Aug 28, 2014
When Charles Darwin said “It is not the strongest of the species that survives but those who can best manage change,” I don’t think he was referring to website passwords. However, I thought this quote was appropriate to where we are now, and how useful passwords are to our lives.
Things evolve, and we replace useless items with different things that fill the need better than the old stuff. I don’t use a Walkman or portable CD player any more because I’ve got an MP3 player or a smartphone which does the same thing, only better. I stopped using a TomTom in my car because I now have a navigation system built in. And my VCR has been replaced by on-demand movies and Netflix streaming, allowing me to watch anything I want almost anywhere I want.
So why on earth am I, along with billions of other people, relying on passwords to secure our lives? Sure, passwords were useful when we worked on systems such as mainframes and client-server solutions, but those compute platforms weren’t globally accessible like today’s web platforms are. Also, in the past we did a few things with computers but the majority of our life didn’t revolve around them; today that’s obviously not the case. We shop online, we bank on the web, we post everything about our lives on social platforms, and our mobile devices have become the centerpieces of our lives. Are we secure with an authentication scheme created decades ago?
There are many problems with passwords, but I think one of the most challenging issues for people is password management. Everyone has a favorite one or two, but every site or application is different. Some require a minimum of six characters, some require a minimum of eight, some require capital letters, some require special symbols, some require numbers… the list goes on. Then you need to change them when the provider or company tells you to or you’ll be locked out. One of my apps — I believe it’s PayPal — doesn’t let you use any of your previous eight passwords. EIGHT? Seriously? Who has eight passwords memorized? So now we have password managers on our phones where we input every password into every system — and if we lose the device someone has access to everything! Brilliant! Of course, we don’t need to really worry about this because, as we found out recently, Russian hackers can just go ahead and steal 1.2 billion passwords with the snap of a finger. Clearly, it’s time for this authentication scheme to change, and, as Darwin says, survival is dependent on managing change.
So now that I’ve railed on passwords enough, here are a few options that we’ll likely see over the next few years:
Personally, I like the idea of voice recognition the most. It’s easy, low cost and can be used on any device. Whatever the outcome, though, the important issue is that we start to use an alternative form of security. Username/password theft is appealing to hackers because millions or even billions, as we’ve seen recently, can be stolen quickly. The shift to another type of security scheme would limit the scale to maybe 10 a day or so. I’m sure there will be great resistance to moving away from passwords but, as Darwin said, the ones most willing to change are the ones that survive.