Protecting yourself in the digital space is one of your most critical responsibilities. For the sake of digital security, passwords were first introduced into the world of computing in the 1960s. However, at that time, they weren’t as annoying as they are today. Actually, weak passwords have plagued individuals, organizations, and security parameters for a long time.
As we speak, many organizations continue to search for better ways to manage their passwords. It is clear for a while now that passwords may no longer provide the security that is needed in today’s operating environment, which may leave you asking: What’s the future of passwords? Or could there be a world without passwords?
In this article, we will look at what security experts say about the future of passwords. But just to give you a glimpse, it seems we will rely on passwords for at least a few additional years. The good news is that you might not need to stress about passwords as you do today. Before we look at that, let’s explore the history of passwords and why they are no longer adequate.
Why Passwords Are Not Secure Anymore
We have used passwords for several decades to keep computer data safe. Initially, passwords were kept in a notebook or written on a piece of paper because it was hard for users to remember them. Because of this challenge, many users were inclined to use the same passwords for different accounts. What’s even more worrying is that these users made their passwords as simple as possible.
Even today, users still use easy-to-remember passwords to secure their accounts. Interestingly, this strategy has helped them much since a significant percentage of these users usually forget their passwords. According to the 2017 World Password Survey, 32% of the respondents say that they forget their passwords once a week. What’s more – all the respondents admitted that they called tech support at least twice a year for password-related help.
The situation is likely to get even trickier going into the future. You see, we have increasingly adopted a wide range of online services and devices, making it hard to manage. Worst is that it has become a point of vulnerability that cybercriminals can exploit when the conditions are favorable. In fact, the Verizon Data Breach Investigation Report shows that 81% of data breaches are associated with weak, default, or stolen passwords.
There could be many reasons why password security is still a nightmare today. Maybe a lack of updating, overuse, simplicity, and ease of guessing are to blame. In most cases, passwords have something identified to you, such as your pet’s name, your child’s name, or even your favorite sports team. The fact that they contain easy-to-understand details about yourself make passwords a weak protection mechanism.
Sadly, even if you are using the strongest of passwords, for instance, the computer-generated ones, you can still be hacked. Here we are about six decades later, yet we are still grappling with the problem of data breaches. According to TeleSign’s report, almost 800 data breaches occurred in the US in 2015 alone, which exposed over 169 million records. So, as the world advanced under the digital era, the idea of passwords has to change drastically.
The Future of Passwords
The good news is that the future of online security looks bright. The TeleSign’s Beyond the Password: The Future of Account Security report, which collected views from over 600 security professionals from different industries, shows that standard passwords may be an endangered species within the next decade.
A third of the experts predict that their organizations will eliminate passwords within the next four years, while another third believe they will no longer use passwords in 5 – 9 years. On top of this, the report highlighted the following findings:
- Fraud is still pervasive and with high impacts.
- Using passwords alone is no longer enough to protect online accounts.
- Using behavioral biometrics is expected to grow going into the future.
- Multi-layer has become a standard practice for augmenting password security.
- Most companies say that two-factor authentication is here to stay. Most of them will use it within the next year.
Could Stronger Password Management Be the Future of Passwords?
At the start of the RSA Conference in San Francisco in 2019, the World Wide Web Consortium (W3C), in conjunction with the Fast Identity Online (FIDO) Alliance, introduced Web Authentication (WebAuthn) as an official web standard.
The WebAuthn component advocated for the use of passwordless login. This revelation might have triggered some media outlets to publish articles proclaiming the demise of passwords.
But a member of the FIDO alliance believes that passwords will remain relevant for some time. On one side, the FIDO2 specification supports the use of passwordless logins, while the other side of the specification promotes the use of Universal Second Factor (U2F) for two-factor authentication. Most consider this use case as a better way to secure online accounts, only that it doesn’t trigger the same attention as the other component of FIDO2 that seems to promote the death of passwords.
In fact, companies like Dropbox mentioned on its website that it is using WebAuthn to simplify how users add an extra layer of security to their accounts. For liability reasons, most applications or sites that hold critical data are unlikely to adopt a pure passwordless login. After all, the ability to support a passwordless login would force millions of software vendors, app developers, and websites to incorporate the technology and user experience across all their assets.
So, the best security solution is the one that involves accessing applications and websites with reliable encryption and two-factor authentication.
Other Experts Opinions
Several industry experts gave their views on the future of passwords. Here are the main ones:
- According to Mr. Don DeBolt, the Director of Threat Research at Total Defense, passwords are likely to remain relevant going into the future. But he warned that we need to improve their integrity. Vendors must only allow for the use of trusted and vetted code on computing devices.
- The Director of Information Security at LifeLock, Jenner Holden, is also of the opinion that passwords may never go away completely. But they will be supplemented by other robust forms of authentication.
- Bill Goldbach, Confident Technologies’ Executive Vice President, believes that soon we will see increasing use of graphical and image-based authentication methods. Text passwords are likely to remain relevant, but will only act as one layer of authentication.
- David Ackerman, a security expert at Internet Biometric Security Systems, believes that 20% of the mainstream will switch to biometrics in the next five years. And passwords will be out of the mainstream in the next ten years.
- Other possible alternatives to passwords are cell phones. According to Mark Herschberg, an MIT graduate, cell phones are personal and commonplace devices, so they are a better alternative to passwords.
Solving the Password Dilemma
As it turns out, most companies have resorted to using multi-layers of authentication to address the problem of account vulnerability, and consequently, counteract fraud. Besides using passwords and usernames, the other popular technologies being rolled out include CAPTCHA, knowledge-based authentication, and two-factor authentication, which adds an extra layer of security to password security.
We are also likely to experience increased adoption in behavioral biometrics. Actually, biometrics are already creating ripples in the digital security sector, with facial recognition, fingerprints, voice recognition, retina scanning, and even palm vein recognition. According to TeleSign’s report, security experts believe that behavioral biometrics has come of age as a secure, frictionless system for controlling increasingly savvy hackers from hijacking user accounts. Behavioral biometric techniques, such as mouse dynamics, keystrokes, and screen interaction, can help increase account security by weeding out bad actors without compromising user experiences.
New Protection Technologies
Other than two-factor authentication and biometrics, there are other possibilities, including:
1. Heartbeat Signal Authentication
Heartbeat signal authentication method is seen as less intrusive than some biometrics technologies like fingerprints and retina scanning. This technology relies on the fact that the electrocardiographic signals emitted by your heart are unique. So, using them as a means of authentication or as passcodes could be as simple as tracking these heart rhythms on your wearable device or even using your smartphone. Isn’t that fascinating?
2. Brainwave Authentication Technology
Another strategy used to improve authentication is brainwave password technology. The technology involves creating a passcode that is customized and uniquely linked to an individual’s brain structure, memories, and experiences. What is so intriguing here is that these authentication techniques are not only hard to duplicate, but they are also updatable, if needed. What brainwave passwords do is record your reaction to a stimulus – for instance, a picture.
3. Zero Login
This strategy may prove powerful, especially when you consider the relentless manner the digital era is progressing. Zero login technology uses behavioral characteristics, such as typing patterns, location, the pressure of finger taps on a screen, and proximity of devices like ear buds, smartwatch, or even a car.
4. Implanted Microchips
It may seem far-fetched, but a few organizations are experimenting with implanting employees with microchips as an alternative to passwords and key cards. These microchips will enable them to access computers and buildings by placing their implanted hands next to a reader.
5. DNA Identification
Last but not least is the use of DNA for identification. Countries, such as Estonia and Qatar, have set up mechanisms to take DNA readings of their citizens. While these countries have implemented the technology mainly for tracking disease outbreaks, DNA-based authentication will probably become a reality.
Final Thoughts
Clearly, the future of passwords seems bleak as the digital space evolves to a more connected world. With that said, passwords are likely to stay for a while. So, for users to be sure their online personas are not at risk, they need to change their approach to security. Perhaps add multiple layers of authentication. Proper access management solutions and the right identity are essential for the future of password security in your organization.
As you plan to adopt new security technologies, you should also consider increasing safety at the machine level. This way, you will improve your privacy, get rid of viruses, and speed up your device. You can learn some PC repair tips and tricks or even how to clean Macs. Simple tricks like deleting junk files, repairing registry entries, or clearing browser history can help to keep hackers at bay. The good thing is that you can automate these tasks using Mac and PC cleaning software.
Author Byline
Daniel Mutai is a versatile researcher and content strategist with a passion for content marketing, digital media, Cybersecurity, Artificial Intelligence, and technology in general. He currently works as an SEO Copywriter at Softwaretested.com, where he writes on a wide range of tech subtopics, including VPN technology and troubleshooting guides for Mac, Windows, and Android platforms.