Is password care an unwinnable battle?
The average person has around 100 passwords to remember, some of which will probably be identical.
Setting up a computer or a smartphone for the first time will very likely lumber you with a password within the first few minutes.
It might be the lock and key for a new Google account or the way you choose to control access to your device.
Unfortunately, whatever the scenario, things can only get more convoluted.
Experts have never quite managed to persuade web users to take care with the creation and storage of their passwords.
Even after two decades of warnings, there are still 103m instances of the password ‘123456’ logged on the internet.
That figure, from the accounting company Schneider Downs, ultimately means that it’s possible to seize millions of email accounts, Netflix subscriptions, and games catalogs in under a second.
It’s a scenario that ought to have fallen into the same pit as GeoCities and MSN Messenger many years ago, yet it has become part of the fabric of our digital society.
A study cited by ZDNet found that 92% of people are aware that reusing passwords is a potential risk but more than half of us do it anyway.
So, what’s the alternative? Biometric identification, i.e. anything that uses part of the body as an identifier, has spread from airport security onto smartphones in recent years, to become almost as prosaic as the humble password.
However, the potential of eyes and fingerprints to secure an account has not been realized on desktop and laptop computers, which effectively eliminates biometrics as a tool for the workplace.
Efforts to use implanted microchips as a security pass have similarly hit a wall, not least because of the horror the idea evokes.
Nevertheless, many of the proposed solutions to the password problem will attempt to remove alphanumeric codes altogether.
Passwordless authentication involves pairing public and private cryptographic keys, ensuring that both the user and the service provider agree to provide access to an account.
After providing their key, the key’s owner will then have to submit to biometric checks to ensure that they are who they claim to be. Only then will the account be unlocked.
Broken down, passwordless authentication is sometimes explained as including something the person knows, something the person owns, and something the person is.
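The key pairing described above can be sketched as a challenge-response login. This is an added example, not code from the original article: the Device and Server types and the user name "alice" are hypothetical, Ed25519 is an assumed choice of signature scheme, and the biometric unlock is represented only by a comment.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device stands in for the phone or token that holds the private key.
type Device struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv, Pub: pub}, err
}

// Sign answers a challenge; a real device would demand its local unlock first.
func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

// Server stores public keys only, plus one outstanding challenge per user.
type Server struct{ pubKeys, pending map[string][]byte }

func NewServer() *Server {
	return &Server{pubKeys: map[string][]byte{}, pending: map[string][]byte{}}
}

func (s *Server) Register(user string, pub ed25519.PublicKey) { s.pubKeys[user] = pub }

// Challenge issues a fresh random nonce for a single login attempt.
func (s *Server) Challenge(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Verify checks the signature over the outstanding nonce, then discards the
// nonce so a captured response cannot be replayed.
func (s *Server) Verify(user string, sig []byte) bool {
	pub, nonce := s.pubKeys[user], s.pending[user]
	delete(s.pending, user)
	if len(pub) != ed25519.PublicKeySize || nonce == nil {
		return false
	}
	return ed25519.Verify(pub, nonce, sig)
}

func main() {
	srv, dev := NewServer(), &Device{}
	dev, _ = NewDevice()
	srv.Register("alice", dev.Pub)
	c, _ := srv.Challenge("alice")
	sig := dev.Sign(c)
	fmt.Println("login:", srv.Verify("alice", sig), "replay:", srv.Verify("alice", sig))
}
```

The server never holds a secret worth stealing: a breach of its database exposes public keys, not reusable credentials.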
An incidental benefit of this type of security is that passwordless authentication means no more password resets and, therefore, no more forgotten credentials.
The downside of high-tech password maintenance is exactly that – it relies on something other than a keyboard.
The cryptographic keys may take the form of a mobile phone or a physical token, while biometric scanning implies the presence of specialized hardware (or, once again, a mobile phone).
Given the rate at which mobile phones are lost or bricked, though, it’s hard to see their use as much of a permanent solution to access woes.
In any case, there is hope out there for the careless guardians of their own digital lives.