Opinion: The password is dead

Share this article:
Opinion: The password is dead
Opinion: The password is dead

The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes show that the current password system is dead. Let's face it: People can't remember the complex passwords needed for secure logins – not when they have an average of 25 online accounts, and growing. It's time we recognize that this system is not sustainable or secure. New forms of authentication must emerge.

Many organizations lay the burden of secure authentication at the feet of users, who have proven time and again that their nature is to choose weak passwords and use the same password for multiple online accounts. Rather than telling people to remember ever-more complicated strings of letters, numbers and symbols, businesses need to adopt new authentication approaches that are more secure and easier on people.

The interconnected nature of the web, the domino effect of poor password practices, and the amount of sensitive information shared and stored online means that the burden needs to shift. Websites must make strong authentication standards a priority.

The availability of cloud-based authentication solutions make it easy for websites to employ one-time passcodes for logins, which can replace traditional passwords completely or be added to strengthen the security of the login if the user has a weak password.

As well, the widespread use of mobile phones makes it possible for websites to employ multifactor authentication without using tokens, smart cards or biometrics. Additionally, image-based authentication provides yet another way for organizations to offer an easier, yet more secure form of authentication.

Until more websites eliminate “dead” password schemes in favor of strong authentication methods that are easy for users, we'll continue to see poor password practices, enabling hackers to take a data breach at one website and use the revealed credentials to compromise accounts and commit fraud on a number of other websites.
Share this article:

Sign up to our newsletters

More in Opinions

The cool factor: New tech in banking has an edge

The cool factor: New tech in banking has ...

Disruption is expected; financial crime should be, too.

Me and my job: James Hill senior security architect, Consolidated Data Services

Me and my job: James Hill senior security ...

James Hill senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.

Ahead in the cloud

Ahead in the cloud

Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and where they need it.