Here’s why Big Tech would prefer a passwordless future
Most data breaches involve a password or phishing attack. Passwords are outdated and should be phased out.
The problem with passwords
Passwords are flawed
The first problem with passwords is that they have been flawed from the get-go.
Passwords were first used at MIT, when computer scientist Fernando Corbató wanted computers to manage multiple tasks performed by his researchers.
He created the Computer Time-Sharing System (CTSS), and not long after its creation a new problem arose: user privacy. He therefore created the password to protect users' privacy.
One of the researchers at his lab wanted more time to complete his work, so he printed out the passwords which were stored on the system and logged in as his colleagues.
This computer was the first computer to use a password, and thus became the first computer to be hacked.
Complex passwords
The second problem with passwords is that our brains are not wired to remember combinations of characters, letters and numbers, and we have to remember them for multiple accounts.
We have multiple logins (Facebook, Twitter, Instagram, banks, work). To cope, some people write their passwords down somewhere; others save them on computers; and, even worse, most people recycle their passwords.
Recycling your password leaves you vulnerable to credential stuffing attacks, in which credentials leaked from one service are tried against your accounts on others.
An additional issue is that the password reset process is expensive in terms of lost productivity. Companies could save millions if they were to get rid of passwords.
FIDO Alliance
The FIDO Alliance is a consortium of more than 250 companies whose goal is to advance two-factor authentication (2FA) and multi-factor authentication (MFA) and to reduce the tech industry's reliance on passwords.
FIDO also encourages authentication data to be stored locally and not in the cloud. The cloud can be compromised because it is connected to the internet, so an attacker can access sensitive data remotely.
Data stored locally on a device is more secure: an attacker would need the physical device and would then have to breach it, so the data cannot be compromised remotely.
Match-on-device is ideal for biometric data.
If your biometric data is compromised, it cannot be changed; unlike passwords, you cannot change your fingerprint.
Biometric Authentication and MFA
There are three forms of authentication:
- What you know: passwords, usernames, patterns etc.
- What you have: your device, access cards, hardware and software tokens, bank cards etc.
- What you are: biometric authentication (fingerprint, palm, iris, face, how you move, heartbeat, length of your torso).
Some security researchers have said biometric authentication will be a disaster. Their main argument is that biometric systems can also be hacked.
The risk will be greater than with passwords, because once there is a biometric leak, all the people whose biometric data was obtained have been compromised.
A passwordless future is inevitable. Everyone in the tech world, and end users too, will sleep better at night knowing their data is safer and that they do not have to memorise complicated passwords.