Is the Password Dying?
Originally published in CPA Practice Advisor November 2017
Think of all of the passwords you manage right now. How many of them are written down? Do you use the same password for multiple websites? We know these actions put our data at risk, but we do them anyway because otherwise, we couldn’t possibly remember the hundreds – if not thousands – of passwords we’d need to memorize for all of the apps, devices and websites we use in our personal and professional lives.
It’s not hard to see why people don’t like passwords. We share a lot of sensitive personal information with companies, including Social Security numbers, health records, and bank account and credit card numbers. Even password managers don’t eliminate the risk, but they do have features that help you minimize it.
No matter how careful you are with your passwords, your data is increasingly vulnerable to hackers. Accenture’s recent report Digital Trust in the Internet of Things Era polled 24,000 consumers in 24 countries and found that less than half (46%) feel confident in the security of their personal data and 77% indicated they’re interested in using password alternatives to protect their information. Just a few years ago, those alternatives were rare and expensive to adopt, but today the shift away from passwords is accelerating. So let’s take a look at the options out there.
I covered multi-factor authentication in detail for this space recently. While multi-factor authentication often uses passwords, it also requires one or two additional pieces of information. Strong authentication requires two or more of the following:
Something you know. A password, PIN or answers to previously established security questions.
Something you have. A physical object in your possession, such as a token or text-enabled phone.
Something you are. Biometric features such as a fingerprint.
I touched on biometric authentication above, but it involves much more than just a fingerprint. Facial recognition, voice recognition and iris scanning are the most popular methods after fingerprints. But companies are experimenting with many more biometric authentication methods to replace passwords, including heartbeat recognition, vein recognition, and hand and finger geometry.
One-time passwords (OTP) are an authentication mechanism that uses non-persistent passcodes that are valid for only one session. For each login attempt, a passcode is generated and sent to the associated phone number or email address. The user has to enter the passcode to access the account, and it is only valid for the duration of one session. Subsequent logins require a new passcode.
Microsoft introduced an alternative to traditional passwords with Windows 8. With a touchscreen PC, you can use a finger to doodle on the Windows wallpaper. That doodle becomes your password.
For example, suppose your wallpaper has a picture of a road leading into the mountains. You might trace the sides of the road with your finger, then circle the highest mountain peak. Those gestures become your password. To log into the computer, you simply perform the same gestures, in the same sequence and direction as you originally performed them.
While each of these technologies has its own benefits and pitfalls, almost everyone agrees that passwords alone are too insecure for modern use. Our digital world requires more privacy and security than passwords can provide. We’ll likely see a decline in password use in the next few years as alternatives supplement or replace them.
Jim Boomer, CEO of Boomer Consulting, Inc., is an expert on managing technology within an accounting firm. He serves as the director of the Boomer Technology Circles, The Advisor Circle and the CIO Circle. He also acts as a strategic planning and technology consultant and firm adviser to CPA firms across the country. Accounting Today called him a “thought leader who can help accountants create next-generation firms.”
Jim is a prolific writer with a monthly column in The CPA Practice Advisor and has been published in a number of industry publications including Accounting Today, Accounting Web, the International Group of Accounting Firms and several state society publications.