Opinion: The password is dead

The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes shows that the current password system is dead. Let's face it: People can't remember the complex passwords needed for secure logins – not when they have an average of 25 online accounts, and growing. It's time we recognize that this system is not sustainable or secure. New forms of authentication must emerge.

Many organizations lay the burden of secure authentication at the feet of users, who have proven time and again that their nature is to choose weak passwords and use the same password for multiple online accounts. Rather than telling people to remember ever-more complicated strings of letters, numbers and symbols, businesses need to adopt new authentication approaches that are more secure and easier on people.

The interconnected nature of the web, the domino effect of poor password practices, and the amount of sensitive information shared and stored online mean that the burden needs to shift. Websites must make strong authentication standards a priority.

The availability of cloud-based authentication solutions makes it easy for websites to employ one-time passcodes for logins, which can replace traditional passwords completely or be added to strengthen the security of the login if the user has a weak password.

As well, the widespread use of mobile phones makes it possible for websites to employ multifactor authentication without using tokens, smart cards or biometrics. Additionally, image-based authentication provides yet another way for organizations to offer an easier, yet more secure form of authentication.

Until more websites eliminate “dead” password schemes in favor of strong authentication methods that are easy for users, we'll continue to see poor password practices, enabling hackers to take a data breach at one website and use the revealed credentials to compromise accounts and commit fraud on a number of other websites.