The Password Is Dead! Long Live the Password!

By Michael Thelander

Passwords have been keeping sensitive computer data safe since 1961, when computer scientist Fernando Corbató first introduced the industry standard in online authentication to what was then a very small digital community. Almost six decades later, and too many consumer data hacks to count, now 87-year-old Corbató can attest that password usage has become a bit of a “nightmare.”

The Writing’s on the (Fire)Wall

According to a 2016 report released by Telesign, the number of data breaches in the United States hit an all-time high last year, topping nearly 1,100. That’s a 40 percent increase over the near-record high of 780 reported in 2015. With the Yahoo! hacks, that’s over 6 billion compromised accounts since 2013 alone. To no-one’s surprise, compromised passwords were the port of entry for a vast majority of these attacks, largely due to consumers’ poor password hygiene across accounts.

Despite this – and the password’s innately high-risk nature – usernames and passwords are still very much engrained in the fabric of today’s online businesses as the primary means of initial authentication. With the steady cadence of big-name, password-driven data breaches always in the news, though, consumers are starting to wonder if there’s a better way.

Is the Password Dead?

A recent report from iovation and Aite Group cemented consumers’ musings about the stability of the password, revealing that while they’re comfortable using them, over 85 percent of respondents who use online and/or mobile banking platforms recognize the need to bolster online security and move away from the archaic password. But because of generational preferences among millennials, Generation X, Baby Boomers, and seniors, there are some differing opinions about what the password’s replacement should be.

Not surprisingly, millennials stand out as the most receptive audience to a new authentication experience, perceiving fingerprint biometrics (85%), eye biometrics (76%), facial recognition (71%), and device identification (71%) as the most effective authentication methods among emerging technologies.

Gen Xers shared similar preferences to millennials, also ranking fingerprint biometrics, eye biometrics and knowledge-based authentication questions as their top choices, respectively, while Baby Boomers and seniors were found to be most in favor of fingerprint biometrics.

Though they’re ready, moving toward, a future without passwords will significantly impact everyday experiences that are almost second-nature now for consumers. Companies must find the middle ground between a frictionless, streamlined user experience and increased security, especially when accounting for users’ varying comfort levels.

As the survey proves, if provided with authentication alternatives like biometrics or facial recognition, consumers will eagerly embrace them. Biometrics in particular have the ability to increase security without compromising the consumer experience – think iPhone’s Touch ID or Apple Pay).

Actions Speak Louder Than (Pass)Words

In an attempt to meet consumers’ changing needs, reduce the risk of fraud, and address increasing online vulnerability, businesses are actively looking for ways to add multiple layers of authentication to augment password security – or lack thereof – and wean consumers off the antiquated, albeit comfortable password method.

One option is to prompt increased mobile use, where entering usernames and passwords on a small screen is inconvenient, and where new authentication methods like fingerprint recognition make sense. Running further authentication in the background – on standby for high-risk situations – is another viable tactic. Regardless, arming consumers with a wide range of authentication methods is imperative, allowing consumers to choose which style of authentication they prefer, while also providing alternatives if thieves compromise a particular mode of authentication.

No matter the format, it’s clear most consumers are ready and willing to adopt a new form of authentication beyond the ancient password. Others still need to be persuaded. While outside of their comfort zone, online brands must move toward multi-factor authentication, appealing to the masses, avoiding internal credential caches that can be breached, and outsmarting would-be thieves.

About Michael Thelander

Michael has a twenty-year history in product marketing and product management, with a focus over the last seven years on cybersecurity. He held senior product marketing and product management roles at security leader Tripwire, and has other career highlights that include co-founding a successful startup and receiving patents for network technology.

More About Michael