In the last two weeks, the Petition Against Passwords movement launched by a group of US-based companies that sell password-less technology has been gaining widespread media attention across the world. Their mission is to collect every frustrated yell at forgotten passwords and make sure the organizations responsible hear them.
In the RSA conference in San Francisco early this year, James DeLuccia’s Passwords are dead created quite a buzz. At the conference, Zoho’s sister division ManageEngine demonstrated its Enterprise Password Management Solution, Password Manager Pro, and almost all the visitors to our stand quipped: “They are talking about the death of passwords and you are demonstrating password management!”
So, we hear the vox populi loud and clear: Clearly, people are fed up with passwords. With the proliferation of online applications, a variety of passwords occupy each aspect of our life. Remembering dozens of passwords is impossible; storing them only invites trouble and managing them manually is a pain. With high-profile security breaches involving stolen online identities, all of us want to be rid of passwords. So, when someone talks about replacing passwords, it’s only natural for people to get interested.
But, the million-dollar question is: Do we have viable alternatives if the passwords die finally?
Before going any further, here is some history on ‘death of passwords':
For over a decade now, people have been discussing the death of passwords. In the same RSA conference in 2004, Bill Gates, the Chairman of Microsoft predicted the death of passwords. In 2006, he said that the end to passwords was at sight. Not just Bill Gates, but many other luminaries and industry analysts have been predicting the death of passwords.
However, in reality, the predictions haven’t yet materialized. Passwords are still the most prominent method of authentication till date. Alternatives to passwords, such as biometric authentication, iris authentication, facial authentication, various forms of multi-factor authentications, and even authentication through items like watches, jewellery, and electronic tattoos, are all being discussed. Active research is also on to formulate better alternatives.
However, none of the alternative approaches have been viable for various reasons. Firstly, passwords are very easy to create and are absolutely free. Whereas, the alternate models are mostly expensive, require additional hardware components, are difficult to integrate with the existing environment, and are not easy to use.
Interestingly, some of these alternative authentication methods have been cracked even before they could be adopted widely. Few years ago, a group of researchers hacked faces in biometric facial authentication systems by using phony photos of legitimate users.
As on date, a viable replacement for traditional passwords is not in sight! We may get one in the future, though. But, it will require considerable time for the new mechanism to be accepted and adopted. That means, traditional passwords are not going to die anytime soon; they are going to be around for a while.
Passwords are not the problem; their management is
While raising our voices against passwords, we overlook the actual problem, which is poor password management. Due to the inability to remember passwords, users tend to use and reuse simple passwords everywhere. Users store passwords in text files and post-it notes; share credentials among the team members; and pass them over emails or by word of mouth. Real access controls do not exist and passwords of sensitive resources and applications remain unchanged for ages. Such bad password management practices invite security issues and other problems.
Use a password manager
While the research to find an alternative to passwords continues, it would be prudent to deploy a password manager to safeguard your data. With a password manager, you can secure all your passwords in a centralized repository; use strong, unique passwords without worrying about remembering them; automate and enforce password management best practices; control access to resources and applications; keep track of activities; and do much more.
If you are wondering which password manager to use, take a look at Zoho Vault.