Opinion: The password is dead

The massive fallout from the breaches of Gawker, Sony and others involving weak password authentication schemes shows that the current password system is dead. Let's face it: People can't remember the complex passwords needed for secure logins – not when they have an average of 25 online accounts, and growing. It's time we recognize that this system is not sustainable or secure. New forms of authentication must emerge.

Many organizations lay the burden of secure authentication at the feet of users, who have proven time and again that their nature is to choose weak passwords and use the same password for multiple online accounts. Rather than telling people to remember ever-more complicated strings of letters, numbers and symbols, businesses need to adopt new authentication approaches that are more secure and easier on people.

The interconnected nature of the web, the domino effect of poor password practices, and the amount of sensitive information shared and stored online mean that the burden needs to shift. Websites must make strong authentication standards a priority.

The availability of cloud-based authentication solutions makes it easy for websites to employ one-time passcodes for logins, which can replace traditional passwords completely or be added to strengthen the security of the login if the user has a weak password.

As well, the widespread use of mobile phones makes it possible for websites to employ multifactor authentication without using tokens, smart cards or biometrics. Additionally, image-based authentication provides yet another way for organizations to offer an easier, yet more secure form of authentication.

Until more websites eliminate “dead” password schemes in favor of strong authentication methods that are easy for users, we'll continue to see poor password practices, enabling hackers to take a data breach at one website and use the revealed credentials to compromise accounts and commit fraud on a number of other websites.