In the early 1960s, Fernando Corbató was developing a system to use with other people and needed a way to protect his private files. He solved this by using a password and became the first person in history, at least on record, to use one. We know what happened next. Over the years, pretty much every company started using passwords to protect their information.
The problem is that over time we realized that passwords aren’t actually that secure. That’s because some users choose very weak options (we see you, “123456”) and because passwords can be stolen or obtained through different techniques —such as a brute-force attack, which tries hundreds of thousands of possible passwords until it finds the right one.
And while password managers such as 1Password or Dashlane try to make passwords more secure, this is not enough. That’s why both startups and renowned companies are trying to get rid of them —some not so famous, such as Okta or Duo, and others we all know, such as Google or Microsoft.
Let’s take a look at an example. I use a software called Notion a lot. Although I have the option to enter my password, it’s not the default option in the app. When I want to log in, I have to enter my username —which is my email— and then they send me a code, such as “ljago-eledr-tista-iorje” (this is a real example). So, I use that as my password to log in. There you have it: a system that doesn’t use passwords as the main login method. Instead, it uses this technique called one-time passwords. If you want to use it again the next time you log in, it won’t work.
In fact, even if we don’t realize it, there’s a company that has done quite a lot to stop using passwords: Apple. Their facial recognition technology on their iPhone is the most used method to unlock the phone. The fingerprint reader on its MacBooks is another example. These two innovations are ways to leave conventional passwords behind. The company hasn’t completely achieved its goal yet, but it’s made huge progress: as both an iPhone and MacBook user, I rarely have to enter my credentials.
Nowadays, biometrics is undoubtedly the main alternative to passwords, thanks mostly to mid- and high-end smartphones that use facial recognition and are in hundreds of millions of pockets.
Physical items —such as pen drives which include cryptographic information— are one step ahead. When we connect them to computers (in the case of USB keys) or rest them on an NFC or Bluetooth reader, the system automatically reads our data and unlocks the device.
The problem is that most systems are not so convenient for end users. Would you let access to your devices depend on not losing a flash drive with your cryptographic information? The answer is a bit tricky.
Some options, such as Notion or Apple’s solutions, are very simple. Others, such as the flash drive, are a bit more complex because our ability to work or use our computers will depend on an external device. Although security and privacy must come first, the developers working on these types of systems also know that, if they are too complex, end users will simply not use them. That’s why they’re constantly working on improving the current tools we have and creating new and simple ways of safeguarding information.