7 Reasons Passwords Are Doomed - Finally

Guest author Toby Rush is founder and CEO of EyeVerify, a biometric authentication company.

Passwords control your life. From accessing work email and stock prices on the go to checking a grocery store shopping list, passwords have become the primary means of identifying who you are. They are arguably more important than your driver’s license.

But with that ubiquity comes risk – this tiny, yet powerful device contains enough information to expose your financial or health records and other personal details. From an enterprise perspective, the risks are just as great, if not greater.

Ubiquity also creates confusion. On average, password reset requests make up 10% - 30% of all IT helpdesk calls. It’s a productivity black hole.

Granted, despite their problems, passwords have shown incredible staying power. But here are seven reasons why they will finally fade away.

1. Behavior isn't as ingrained as you think: Key fobs and smartphones have replaced car keys. Contactless RFID is now the primary way to access buildings. People are not wedded to specific forms of authentication. If you give them something better and more convenient, they will go with it.

2. Inadequate security: While most Internet break-ins occur in the back-end, passwords are still a security risk. Some criminal break-ins at data centers are specifically targeted at getting passwords and PINs.

Today’s authenticators need to meet two key criteria. First, they need to incorporate a unique identification scheme that can represent only a single person. Second, the authenticator must be able to detect spoofing so that only that authorized person can use this unique identifier.

Combinations of usernames and passwords can theoretically be made very long - and thus unique. However, there is no “liveness” check for passwords. The system has no way of knowing “who” submitted the password.

3. Your memory isn’t very good: How many different passwords do you have? The average person uses ten online passwords every day. How many times a month do you have to hit the “forget password” button? What is the password to your 401K account? At best, you have your phone or computer memorize your password, a security headache (and one that doesn’t work if you erase cookies).

4. Existing onboard sensors will enable mobile security: The number of connected devices (tablets, smartphones, sensors, PCs, etc.) will grow to 15 billion by 2015. According to Gartner, in 2013 mobile phones will overtake PCs as the most common Web access device worldwide, and by 2015 more than 80% of handsets sold in mature markets will be smartphones.

With these connected devices, a variety of authentication snapshots can take place at once: Cameras can capture eyeprints; GPS can determine location; and IP addresses and SIM-card characteristics can be used to achieve persistent yet passive authentication.

5. Emerging markets will drive technology adoption: Since 2010, the government in India has been creating the world’s largest and most sophisticated database of personal identities. By providing unique identification numbers for more than 1.2 billion people, the government is addressing core human services – be it food distribution, financial aid or education assistance.

Serving a culturally and linguistically diverse population requires simple, secure and scalable authentication. The need to bring the country’s poorest citizens into the mainstream will move technology adoption at an incredible rate.

6. As mobile banking spikes – so will security risks: Berg Insight estimates that 894 million users will access mobile banking by 2015. Credit card numbers, Social Security numbers and passwords are all numerical identities that are constantly at risk of being stolen. In the months and years ahead, expect to see more banks moving beyond password and PIN technology.

7. Monetization of social networks will continue to introduce new dangers: The more we use social channels for gaming, ecommerce and other online transactions, the more we open up new threats to privacy intrusion and identity theft. Passwords simply aren't good enough to deal with the threats.

Sure, passwords will probably always have uses for certain low-priority security and authentication tasks. But for protecting the things that really matter, passwords can't meet their doom soon enough.

 
