Sometimes you must step outside of the zone to see the with total clarity.
During the past ten years I’ve watched as tech company after tech company has declared the death of passwords. As someone who manages 40+ professional and personal passwords, I was certainly onboard and looking forward to the funeral, because it meant I could live a password free life. A replacement for passwords. Yes, I was looking forward to never seeing the dreaded “Forgot my password” pop-up. No more password merry-go-rounds and no more bouts with the frustration and static of the forgotten password.
The death of the password made so much sense to me. Considering that half my passwords were the same and very basic – thus not secure and the other half were so complex they looked like something out from Einstein’s Theory of Relativity. There was no way I could remember my complex passwords and the solution was to create a handful of Post-it notes and strategically hide them around my office. The problem with the Post-it strategy is the glue eventually dries up and the Post-it ends up lost.
That’s right, passwords have broken our spirit at one time or another. They’ve also proven to be easily hacked or stolen. One wise CEO once said “Passwords are extremely secure. Just make sure you use a medley of 18 characters including caps, symbols, numbers etc. and change them DAILY!” Of course he was being factitious, but his point was well taken.
So the tech leaders all declared a war on passwords. One after the other they launch declarations, all with a subtly different spin, but ultimately delivering the same message. Like I said, I was onboard and even leading the charge. During the past few years I’ve written several blogs and editorials promoting the demise of passwords. Heck, I’m the VP Marketing for a fingerprint biometric solution provider, therefore why wouldn’t I expect that everyone would want to replace passwords with a touch of their finger?
But the question is, have are passwords too entrenched within our cybersecurity ecosystem to live without them? As we’ve discussed there is a way to maintain a high level of security using complex passwords, but what about the nuisance? How about that user that has to authenticate dozens of times throughout their day? Wouldn’t the complex password break their spirt and inhibit workflow? Wouldn’t the password need to be displayed somewhere for ease of recall?