In order to create an account anywhere, most of the time you will need a username and password. That has been the standard since security and privacy were brought to the forefront of technology. Most scholars trace it back to the 1960’s-1970’s. The original purpose was to log into a particular network for authentication. However, we can trace the use of passwords back even further. Throughout history we hear stories of people using passwords to identify who is an ally and who is an enemy. These were code words translated to images, phrases, randomized letters, a single word, or a single character. Fast forward to 2020, do we still need them?
I originally titled this post, “Are passwords going extinct?” But, I changed it to the current title because I thought the question was too simple. I don’t think this is a definitive, “Yes” or “No” answer, but something more complicated. My short answer is no, I don’t think passwords will go extinct, but rather take a different form instead of the well known “8 letters, one uppercase, one lowercase, and one symbol” dynamic.
When more and more people had general access to the internet in the 1990’s, an increase in sensitive data was generated as a result. With this increase, the idea of password hashing became more popular. The original idea was proposed by Robert Morris Sr. in the 1970’s. Hashing takes the password and converts it to a string of numbers that represent the original password phrase. The benefit of this is that the actual password is not stored in the password database.The ultimate goal here was to prevent passwords from being hacked, leaked, or breached.
But this is no longer the 1970’s. This is 2020, where everything and anything is online. Large companies such as eBay, MyFitnessPal, and Ring, have all experienced data and password breaches. On a personal level, we’ve all seen our friends or family members have their social media accounts compromised because someone was able to guess their password. What’s going to stop that in the future?
There are a few flaws with the idea of a password.
One, keeping it simple and using personal information gives the hacker the green light to guess the password on the first try. Two, using the same password for all social media accounts gives the hacker a right of passage to see what other accounts you have by typing in the password to any website with your supposed username. Three, using different complex passwords on every website leads to forgetting the password and resulting in resetting it to something memorable.
The next question asked is, “Well, how can I know if my password is secure?” There are several different sites that you can use in order to check your complexity. I tend to use password strength meter websites to see how long it would possibly take a hacker to guess my password. Another tip I learned is to use a mix of numbers and letters, phrases, or a short sentence. On top of all of this, using Two Factor Authentication, or 2FA, sets another layer of protection on your accounts. Yeah, it may take longer to log in and you may need to download another app, but I would much rather have that than someone hacking my account.
In the end, I think passwords will take a different form over time. More and more people will start to use 2FA and biometrics as passwords. We already see it with the new iPhones. It started with the fingerprint, now it’s facial recognition. Even though these are typically backed with a passcode, I still think this is safer than just having a passcode alone. Soon enough, desktop computers will come with it by default, and it’ll be part of our everyday lives. We will still need passwords to log into networks, company files, and enterprise based products. But, I think accounts such as social media, email, and banking will start to lean towards biometric log-ins.