02 Jul How To Kill The Password: Don’t Ask For One
Medium is the latest to put ye olde password in the crosshairs.
Streamlined blogging platform Medium rolled out a new login process Monday that throws the trusty old password out the window. Instead, you simply enter an email address or phone number, and a temporary login link lands in your inbox or phone—just like password reset or account verification links used by sites when you first sign up.
“Passwords are neither secure nor simple,” writes Medium’s Jamie Talbot, summing up a sentiment that has been picking up steam lately. “They’re hard to remember or easy to guess, everyone reuses them (even though they know they shouldn’t), and they’re a pain to type on mobile. They don’t even keep you that safe.”
For being gatekeepers (or bouncers) for our online accounts, they’re inordinately vulnerable. They can be “brute-forced” through trial and error, teased out of you with a cleverly worded email or IM message, applied to access numerous accounts—thanks to our insistence on using the same ones over and over—and easily leaked out onto the Web. Put another way, they don’t really do a good job of proving that you are who you say you are, and keeping everyone else out.
That’s precisely why companies are hot to ditch passwords and find another way to protect our online accounts—like temporary, auto-generated links or tokens.
The Trouble With Passwords
Password safeguards essentially work the same way: If someone gets access to that alphanumeric word or code, your account is theirs until you notice and swap it out. But that delay can be costly (in more ways than one).
Preventing that nightmare scenario has become a core business for companies like Dashlane, 1Password and LastPass, which manage and hide the bevy of logins in a user’s life behind one secure master password. But these businesses may have to brace themselves, as auto-generated tokens and hyperlinks aim to nix their bread and butter.
Unlike passwords, those temporary links or codes don’t work in perpetuity. They slam the door closed on access after a single use, a set period of time, or often both. And apps and services send them directly to the most convenient receptacles available to you—your email inbox or smartphone.
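The single-use and time-limit properties described above, sketched as an added example (not Medium's code). The class name, the 15-minute lifetime and the in-memory store are assumptions made for illustration; the article gives no implementation details.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the article gives no figure


class LoginLinkStore:
    """Hypothetical in-memory stand-in for a server-side table of pending login links."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be exercised in tests
        self._pending = {}       # sha256(token) -> (account, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table does not expose usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, account):
        """Return a fresh random token to embed in the emailed or texted link."""
        # Requesting a new link invalidates any older one for the same account.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != account}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (account, expires_at)
        return token

    def redeem(self, token):
        """Return the account for a valid token, or None. Each token works once."""
        # pop() removes the record on first presentation: single use.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None          # unknown, already used, or superseded
        account, expires_at = record
        if self._clock() > expires_at:
            return None          # link outlived its time window
        return account
```

Unlike a password, nothing the user holds here stays valid: a replayed, expired or superseded link returns None.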