A decade ago Microsoft founder Bill Gates predicted the eventual death of the password. The tech billionaire told a computer security audience that people will rely less and less on the password. Ten years have passed since those remarks and passwords still remain a prevalent aspect of computer systems, account information, and cloud access.
Each year, the general public is given a list of the top 10 most-used passwords - abc123, 123456 and password are the usual suspects - and at the same time we’re regularly informed of account compromises, security breaches and data vulnerabilities. Whether or not passwords are to blame for these cyber infiltrations is debatable.
This past summer, computer experts cited the Russian credential theft of more than 1.2 billion users as an example of why the password has become irrelevant. As such companies need to develop stronger authentication measures to enhance security and improve access to sensitive data.
Phil Scarfo, Senior Vice President of Worldwide Sales and Marketing of Lumidigm, wrote earlier this year that he is still amazed that despite all of the technological advancements that have been made in the last five years alone we still depend on an archaic form of security authentication that dates back to the 1960s.
"With more than 1 billion people today with broadband access – up from only about 38 million in 1999 – we are at a tipping point. Secure apps on a smart device coupled with a biometric can provide all the authentication technology needed for the next generation or more," Scarfo stated.
"This is not to say that the biometric employed must be an integral part of the device. This is certainly one option. But with secure credentials being stored and securely transmitted over NFC, Bluetooth or other means in a smart device, the conditions are there for a very convenient and secure ’smart digital key.’”
In October, search engine juggernaut Google unveiled an interesting way to log into Chrome and Gmail: a simple two-factor setup USB key. This was an instrumental demonstration of why it may be an important time to ditch the age-old account name and password. Ostensibly, the days of remembering several different usernames and passwords may be dumped into the dustbins of history as industry leaders are developing new methods to login.
Fast Identification Online, also known as FIDO, is a cryptographic backing for any authentication service or device. Analysts say this will make it easier for anyone who wishes to produce a smartphone with a fingerprint scanner or an app that requires a fingerprint to enter. It is now expected that a wave of products will be announced over the coming months, which could very well become a billion-dollar industry.
Here is what Nate Swanner of SlashGear wrote on the FIDO 1.0 specifications:
"FIDO wants to take us away from passwords and into authentication, and their system does a pretty admirable job of making sure you actually have your phone or computer with you. The authentication standards aren’t technically new, but FIDO’s are the first to be widely available with some major backing. If success or failure depends on who’s using your system, Google isn’t a bad backer to have, and open sourcing the software might encourage others to join in as well."
Meanwhile, the FIDO Alliance, a consortium of companies like Google, Amazon, PayPal, Microsoft and Ali Baba, announced the ratification of version 1.0 of its Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F) specifications, measures that are meant to facilitate facial recognition systems, voice scanners and fingerprint readers. This group aims to eviscerate the password once and for all.
With an enormous sum of cyber attacks, this will certainly become a billion-dollar industry as consumers, corporations and businesses seek out greater security protocols in order to protect their data and information. Various companies affiliated with the authentication industry, such as Duo Security, Authy, Clef, and TeleSign, have already raised tens of millions of dollars, in just a few months.
Indeed, it will be a tough endeavor killing the password. But with some of the biggest brands in the world today involved, even including MasterCard, it’s a battle that will surely meet its objective: kill the password.
Image source: iStock