Goodbye Passwords!

Nov 13th, 2013 | Posted by

I wish. It would be great if we could make the password a thing of the past, but alas we are still reliant on this old-school approach. The password as we know it will eventually be a thing of the past, and multifactor authentication will evolve with it. One of the better articles I have read in the past year on this topic is "Kill the Password: Why a String of Characters Can’t Protect Us Anymore." The article explains how Mat Honan, a senior writer at Wired, had his entire digital life destroyed in the span of an hour.

This is a highly relevant topic for banks, as customers continue to make use of the good old password. What’s next? Capital One has taken a crack at replacing the password with a swipe gesture, a concept I have been talking about for some time now. Is it foolproof? Let’s be clear – nothing is foolproof. If it was built by humans, it can be breached by humans. With that said, progress is a good thing, and we are starting to move beyond classic authentication. Mobile is very much a catalyst for this.

  1. JC
    Nov 15th, 2013 at 00:22

    And the next person that handles the phone will easily just retrace the path of the finger smudges left on the glass to log in. Great idea!

  2. Jacob Jegher
    Nov 15th, 2013 at 00:46

    This is a known issue with this type of approach.
    http://news.cnet.com/8301-30685_3-57377224-264/reverse-smudge-engineering-foils-android-unlock-security/
    It is, however, far easier said than done, depending on the type of pattern being enforced. In my opinion, banks should use a strong pattern. In other words, a simple shape or swipe won’t do it. A minimum number of dots to trace over would be required, and that can make it more difficult to figure out.

    The motivation behind this post is to show that there are alternatives to the good old password, and I am encouraged by banks trying out different methods in layered security environments.