Forgotten your password? Maybe it's time to do so forever
Despite their existence being with the best intentions, passwords are a world-renowned inconvenience. For decades, passwords have been interrupting our digital journeys in a battle we can't win: our passwords must be 'strong' and they must also each be different, but as we succumb to the pressure of choosing random or varied combinations for every website, we also end up frequently hitting the 'Forgotten password?' button as it becomes too difficult to keep up.
The worst part is that it's still not enough. Despite every single one of your passwords looking like you just sat on the keyboard, you're not safe. Cyber criminals now have tools at their disposal which can hazard billions of guesses to passwords in seconds. In other words, end-users have to put a hell of a lot of work into creating their passwords, remembering them, and, in some cases, refreshing them every 90 or so days, but hackers only need to run a tool once to get to that password in a second. So, why keep wasting efforts?
Cybersecurity professionals and businesses have been asking themselves this for quite some time. However, perhaps the real question is not a matter of why, but a matter of what: what happens now, and what will replace passwords?
Multi-factor authentication (MFA) is becoming increasingly popular with consumers and is offered by internet giants today such as PayPal and Amazon. As a refresher, MFA adds an extra step to the log-in process by introducing approval from a mobile app, one-time pass codes, or biometrics. MFA is a great way to bolster security, but can be quite a pain for the end-user – and after all these years of grappling with the 'Forgotten Password?' button, it's fair to say that internet users deserve a break!
Another worthy contender to displace passwords are biometrics. For the majority (or at least, anyone who's watched a spy movie or heist thriller), these are easy to get on board with. However, biometrics aren't perfect either. Case in point: imagine a world where you need to scan your eye to access your bank account. At face value, it seems simple and secure enough: no one else has your eye, so what could go wrong?
A lot, sadly. Despite it still being very early days, the shortfalls of biometrics are already apparent. In the above scenario, someone may be able to use a picture of your eye from your social media to gain access. In another example, say you needed to use voice recognition to access your healthcare information. If a malicious actor really wanted to, they could record your voice and use the samples to get access. Scarily, it wouldn't be that hard either! They may only need as little as you to say your name (easy in an introductory exchange) and say 'yes'.
However, even with their setbacks, MFA and biometrics make far more sense than sole reliance on passwords. The internet is not the same place as it once was, where passwords would suffice and we all relied on dial-up. Rather, the digital world is ever-changing, making it all the more alarming that we're still using passwords like we did three decades ago. The contemporary internet environment needs contemporary solutions, and hackers won't wait for us to implement them.