Do Passwords Have A Future?

Organizations are constantly looking into newer methods and technologies to make their network more secure mainly because they are concerned about all of the hacks occurring. Using passwords only for applications with secure data is just not safe enough anymore. Many recent surveys have shown that organizations believe that password will be phased out in the next couple of years, but why? Is this really true? And, if so, why don’t people like passwords as a security method anymore?

Organizations are no longer using passwords for many reasons. They believe that passwords alone can cause a security risk that may lead to their network being compromised. The most very common reason is that they are apprehensive that their employees are using very simple passwords that hackers can easily subvert. In turn, to mitigate this issue they often require employees to use complex passwords for all of their logins. For example, within your organization you might have employees use upper case, letters, numbers, special symbols, etc. in each of their passwords. This, however, leads to the other common issue that many people and organizations encounter.

Employees often write down their passwords. If you walk past the cubicle or desk of many employees you will often see Post-it notes on their computer screen, on their wall, on their phone, etc. with the passwords to all of the systems and applications that they use.

This is because of the very difficult complex credentials that they are required to use for all of their applications. End users can typically remember two or three sets of complex credentials. After that, they need some way to remember them, which is, most likely, an unsecure method. Both of these very common issues have left many people thinking that the password is dying and that newer technology is required.

While yes, the issues described above are a security risk, there are many reasons why I believe newer technology will be implemented by many companies, but that passwords won’t completely be phased out. There will be new technologies, though, added methods to make the authentication process more secure, which are already being utilized.

One popular method is by adding an additional layer of security with two-factor authentication. This second form of identification method is nothing new, but the actual form has been changing and becoming more advanced in more recent years. Biometrics has been something that many organizations have been using as a second form of identification and is gaining in popularity. Biometrics is the use of the human body or traits to verify who they are. Such methods use human voice, retinal scanning, facial recognition or fingerprint to authenticate a user, the most common being fingerprint or a facial scan. Amazon has gained much publicity recently for using facial recognition for its payment process. The technology requires the user to take a picture of themselves to authenticate they are who they claim to be.

Other even newer technologies are also being developed that can be used as the second form of authentication, such as behavioral biometrics. This is the use of a unique identifying action of the end user. An example of this would be the way in which someone types to enter their password. When someone types they have a unique pattern that can be linked to the user. Behavioral software allows an end user to only be authenticated if they enter their password using their unique typing pattern. This, of course, requires the user to still use a password, but uses their typing pattern as the second factor of identification.

This type of two-factor authentication can be used with every device and even with cloud applications, which means that employees who are working remotely can receive the same benefits. It also ensures that the company can thoroughly authenticate employees who are outside of the network while still keeping the company’s databases and applications safe.

While many people believe that the password is no longer secure, and will be dying off in the next decade or so, I believe it will still be around, just being enhanced with additional layers of security technology.