We have a love/hate relationship with our passwords. We have to love them because they give us access to practically everything necessary in our home and work life – from banking and email accounts to Netflix and school activity accounts. The hate part comes in when we try to recall what password we created for each account – and there are many from which to choose!
An online survey last year from Intel showed that the average person had 27 discrete logins (accounts). In an ideal world, that means they'd have 27 discrete passwords to remember (although the likelihood of that is slim, which adds to the security risk and an inherent problem with passwords). If you're like me, you have more logins than 27 between work and home.
For decades we've used passwords because nothing better has gone mainstream to replace it. User name and password is the single-factor authentication default that quickly provides access to an account, and when paired with other forms of authentication, such as a text-driven one-time-password, is considered sufficient for most security needs.
There are alternatives to typical passwords in use today, although right now most are combined with some other factor of identification or a password backup.
Biometrics. Biometrics are in play today on our devices, at airports and creeping into our payment industry (if you want to consider a selfie – your face – a type of biometric). Whether it's your voice, fingerprint, retina or something else, a biometric is unique to you.
Several individuals in the technology industry believe biometrics could be a replacement for passwords.
"I absolutely think the password is an endangered species," said Tom Field, Virginia-based senior vice president of editorial at Information Security Media Group. "We already have a generation of iPhone users opening their phones with fingerprints. Face recognition is next. Before long, we likely will be using multiple factors of who we are – fingerprints, faces, retinas and voice recognition.
"That will solve one big security problem. You won't catch people leaving their fingerprints and voices on sticky notes at their desks," Field added.
Behavior. Using behavior as the sole security authenticator may never happen, but it's being used as a strong factor in validating identity. For example, your online habits, the way you type (keystroke) and other behaviors can be used as a strong identity indicator.
If coupled with other items, such as a biometric, for multi-factor authentication, user behavior could help to push passwords into the past.
Passwords could eventually go away. There are plenty of groups and companies working on making that a reality. But for the near-term, they will remain a factor for authentication in a multi-factor world.