Kill The Password

Kill The Password

The password, the chief means of securing access to our most valuable data, has become almost completely useless, no longer even presenting a speed bump for hackers and mischief makers.

There are a myriad of problems with the password in the modern computing context. We are no longer signing onto a single mainframe. We have multiple applications in use across various platforms. That means we are forced to remember far too many passwords. This causes people to use silly ones like 1234 or the same password across multiple sites, not even attempting to be secure.

Think about the last time you got a new device and wanted to sign onto Facebook or other favorite online service. If you’re like me, and use different passwords across sites, you probably forgot yours. You could do what I always do and click Forgot Password, but that would mean changing the password across all devices. It’s a horrible system.

I face this problem quite often and I’m sure I’m not the only one. We clearly need a better way.

Too Many Passwords

The static password sitting in a database, is perhaps the dumbest idea anyone ever came up with for security. As soon as a resourceful (or even not terribly bright) hacker finds his or her way into the database, as we’ve learned time and time again, the passwords are sitting there for the taking, a giant treasure chest, a hacker’s wet dream.

A 2012 poll found that 41 percent of people memorize their passwords, while 29 percent write them down and 9 percent store them on a file on their computers. None of these are ideal options.

Another 2012 survey found that the average person had 17 personal passwords and 8.5 work passwords. Chances are those numbers have only increased since that time. If you truly do use multiple passwords, then trying to remember more than 25 passwords is a daunting task.

There are businesses like Ping Identity and Okta that try to simplify this with single sign-on with various degrees of success. That works for the business side, but doesn’t really help consumers.

We can use password managers to help us remember, but of course, the password manager is protected by — you guessed it — a single password. That means if someone hacks the password manager, they get access to *all* your passwords. This actually happened to LastPass earlier this year.

However many passwords you have or however careful you are, chances are at least some of them have been scooped up in the many infamous hacks over the last two years.

continue reading >>>