In a world of digital everything I have started to wonder why we still use passwords to access it all.  Are patterns of letters and numbers really the best way to protect our most valuable data?  From the amount of cybercrime, I would assume not.  So we must do it because it is so dang easy… but then why are we always forgetting which password we used for what?  Isn’t it time we found a better solution?

The Problem:

  • 73% of all Americans have been a victim of some type of cybercrime.
  • Typically there is a 156 day lapse before a compromised account is detected.
  • It only takes 10 minutes to crack a 6 digit lowercase password
  • Over 1 trillion dollars’ worth of intellectual property is stolen every year by compromised passwords.
  • Roughly 2/3 of people use the same passwords across all their accounts
  • Even when notified of a compromised password, only 8%  of people change a password immediately
  • Users tend to share passwords with close friends, family, and co-workers

The written word simply is not a secure method for protecting our most valuable data.  Yet for some reason, it is the still the standard, and in many cases, the only option we have.  Technology has advanced to the point that new options are becoming available.

You may have noticed more and more websites requiring “two-step” authentication.  This is where you are required by the site to not only use a password but also use a secondary device or system to verify your identity.  This is typically done by forcing you to retrieve a code via a confirmed email address, text message, or automated phone call.  Surveys show that although 40% are on board with this method, the other 60% find that two-step authentication takes too much time, doesn’t work well, or is unneeded.

Captcha’s are also quite common as a control method for account protection, but typically frustrate more users than they protect.  For a captcha to be strong enough to prevent a bot from being able to break it, it has to be quite difficult.  So difficult that it is even difficult for the human eye to distinguish, making logging into accounts sometimes tedious and troublesome.

The Solution:

  • Biometrics – It is about time we start using ourselves as our password.  Fingerprint scanning, retinal scanning, facial recognition are all acceptable options.
  • Voice Recognition – Voice recognition is certainly attainable, but may not be as secure as a finger or palm print.
  • USB keys – Using a USB as a sort of “key” to your computer and websites would be an interesting method of security.  It would have to be plugged in to access your files on websites.
  • Drawing/Touch based Passwords – Like Windows 8 has down on their tablets, involving touch patterns or drawings allows any number of unique passwords that would be near impossible to guess or crack.

So what needs to happen before we make the switch, and why haven’t we already?  One main reason, because no one trusts these other methods yet, and for good reason, they don’t work all that well.  Big players like Google, Sony, and Apple, have been absent from this market, leaving small companies to lead the way on innovation.  The products that have come out have been okay at best, and need some serious R&D before we can consider them a replacement for passwords.