Why the traditional password is becoming obsolete
As the internet, websites and web applications continue to develop both in size and scope, there are an increasing number of highly publicised data breaches. Within the last decade, T-Mobile, Nationwide and even HMRC are just a small selection of the large names that have fallen victim to security breaches.
These very public displays of information insecurity make the end user increasingly reluctant to use the traditional username/email and password credentials alone as a secure way of signing up to a site or service. In theory, the password can be a very secure method of ensuring account security – however with the adoption of password managers not as widespread as the growth of userbase, the need to remember a password combination often results in a weak and/or repeated password being used for multiple access credentials. This is a particularly risky scenario for a victim, who if faced with one data breach on a weaker site, could then have their access to multiple services fall into the wrong hands.
Shared Authentication – the job half done
Increasingly now (particularly since the wide adoption of Facebook, Google and other social networks) we’re greeted with the option of using existing credentials from these sites to logon to another 3rd party service. This adds a layer of convenience, with the need to remember multiple secure combinations of a password now reduced – however, it is still wholly reliant on the parent password at Facebook, for example, to be secure – otherwise a breach at Facebook would again expose access to all other accounts using that login.
Multi-Factor Authentication
In its infancy when compared to the more traditional methods of access, but increasingly prevalent is multi-factor authentication. The methods employed here centre around access credentials that only the user could viably gain access to – this can range from email authentication and web authentication dongles to biometric fingerprints.
USB dongle interfaces and hardware solutions are already used by a range of software suppliers and in many corporate environments and in the banking and other transactional scenarios. Similarly, there is an increasing adoption of email and mobile authentication as an optional (sometimes even required) extra layer of security to many websites and web apps. With Apple now having brought fingerprint identification firmly out of the realms of science fiction and into the mainstream, we will only see a further increase in the use of multifactor authentication methods to bolster security on the web.
As the convenience and cost of these interfaces further improves, so too will the vendor and user adoption of them. Given their usual supporting role at present to the username/password system in lieu of a complete replacement, it will likely be a while before we see the password become completely obsolete.













