
The immediate future of passwords

November 13, 2013

One of the most frustrating parts of the work day for many is constantly logging in to the systems and applications they need to access for their job. While this process is mildly annoying for end users, authentication (logging into systems with a login and password combination to verify a user) is critical for the organization to ensure that users are who they say they are.

The most common and well-known authentication method is the user name and password combination, but will this always be the case?

Using passwords as the only authentication method has many flaws and creates the potential for security breaches, which has left people questioning whether passwords will change or remain as we know them today.

There's no doubt that remembering the menagerie of credentials that allow access to all of the systems and applications needed to work and perform one's role is a tedious and difficult task. This is known as “password fatigue,” the “feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine.” Organizations require end users to use complex passwords with long strings of letters, numbers and characters in the hopes that this will ensure network and system security. Couple this with the requirement to change passwords every month or so and the process is overwhelming to manage.

Though organizational leaders believe they are making their network more secure, in reality they are forcing their employees to use insecure methods so they can remember their credentials. End users typically write them down on a password sheet or put them on a Post-it note on their computer, leaving the company's network insecure and allowing access to all of a company's systems.

According to a recent Tools4ever survey, end users must remember up to an average of 12 different username/password combinations. This is an almost impossible task and in recent years has led to a number of security breaches. Because of this, there is a push for new ways to securely authenticate users.

There have been many authentication methods developed -- some newer and futuristic and others that have been around for a while.

One futuristic approach is the use of biometrics. Biometrics is the use of the human body or its traits to verify a user. For example, such methods use the human voice, retina scanning, facial recognition, or fingerprints to authenticate a user. Some computers are even able to read the user's signature and match it to their original signature in the system to verify the user.

More developed methods include technologies that use a mobile phone for authentication. Several companies have developed shells that attach to the phone to capture the fingerprint or iris of the user to authenticate access. Others have technology that uses a cell phone's GPS to authenticate the user.

Even more extreme methods have been developed by companies such as Motorola. The company proposes a “password pill” with a microchip and battery activated by stomach acid that emits a unique ID radio signal. While this method may be far-fetched, it shows just how far companies are willing to go to ensure security of their information and their systems.

Does this mean the end for passwords? Not exactly.

Though these methods seem promising, using one method of authentication is always less secure than using multiple factors. Therefore, the future of authentication lies in two-factor or multiple-factor authentication. This increases the level of security by requiring that the user present something she knows, such as a password or PIN, something she has, such as a smart card or mobile device, and possibly something she is, such as a biometric characteristic. This means that passwords are here to stay, and will most likely be combined with another form of authentication.

Before any of this happens, however, the methods mentioned above will need to evolve to become easier to implement and more cost-effective for the organizations implementing them. Many are currently exceedingly expensive and require substantial software and hardware to implement. In addition, some of these methods cannot be used in certain work settings.

For example, in healthcare, physicians and nurses who are constantly washing their hands would not be able to use their fingerprint to log in. The same goes for manual laborers who put a lot of wear and tear on their hands. Organizations will need to evaluate which methods would work best for their situation and adopt solutions accordingly.

So, to the possible dismay of the end user, passwords are here to stay, at least for now, but they will become more secure. However, there are solutions currently available that can ease the annoyance of passwords for the end user and actually further ensure security. Two-factor authentication in conjunction with single sign-on allows users to access all of their systems and applications while eliminating the need to key in their passwords or to write them down in order to remember them.

Two-factor or multiple-factor authentication seems to be where we are heading with the future of authentication. This will allow organizations to provide the strongest security to their networks. Advanced authentication methods, though, will have to evolve and come down in price before they will be widely implemented, as organizations look for a way to improve security and meet budget needs.

Perhaps future methods will even use apps on a mobile device and allow the user to authenticate via Bluetooth by connecting a phone to their computer. Futuristic methods such as these are becoming more realistic and will be commonplace sooner than we might think.
