What is the future of passwords? It seems that every year our passwords become more complicated and less secure, but why? The history of passwords gives us some clues as to why passwords just don’t seem to work and what they might become in the future. Are passwords already becoming obsolete?
That doesn’t mean we have to start leaving open doors for hackers. In fact, it’s quite the opposite. Passwords aren’t secure because they were never meant to be secure, and security comes from things other than passwords.
The history of passwords – and password theft – starts in 1960 at MIT. There was a computer system that was shared by multiple users. Because computing power was so limited, there were time limits placed on how long each user could access the shared mainframe. Due to these limitations, each user was issued a username and password to access their work stations for their set amount of time each day.
By 1962, PhD candidate Alan Sheer was given just four hours a day to complete his studies. His work required more time to complete, so he accessed the password log and was able to gain extra time by signing in as his colleagues.
We can see from this history that passwords were never meant to protect anything, just to allow access. It was a form of metering rather than a form of protection.
A few years later, passwords got encryption called “hashing”. Shortly thereafter that encryption was enhanced with a technology known as “salting,” which is effectively just adding additional characters to an encrypted password.
Still, about half of users are using passwords like “123456” or reusing passwords for multiple sites, even though they know they aren’t supposed to do that. Some sites now require special characters and variation of cases to make passwords stronger, but it doesn’t always help.
That’s about as strong as passwords ever got, and even then the ability of hackers to exploit them was easier and more common than most people realize. That’s because hackers rarely bother to try to steal or discover passwords. Hackers know that the easiest way to gain access to a person’s account is to trick them into letting you in freely.
Phishing attacks became the method du jour for hackers across the world. Why go through all the trouble to steal someone’s password when all you have to do to gain access to their accounts is ask?
Hackers send malicious links in emails with subjects like “new building evacuation plan” or “lawsuit pending – action needed” because they know if they can scare you enough they will throw you off kilter and you will give up whatever they want.
Passwords aren’t actually that much protection once you get down to it. They are bordering on obsolete, too. Biometrics are taking the place of passwords already, but biometrics can’t do everything. Multi-factor authentication can help prevent some attacks, but the authentication process is often simple to intercept. So what comes after passwords that can actually protect us online?
Password management apps have been used with success for a few years. The idea there is to keep all your passwords in one secure place, so all you have to do is sign in to one place and it can sign you in everywhere. Unfortunately, even these services have been hacked before.
Certificate-based credentialing and risk-based authentication can eliminate the need for passwords and help secure accounts. Certificate-based authentication extends trust to certain individuals, while risk-based authentication looks at information like IP address, location, and device security posture to determine whether there is a risk.
Eliminating passwords reduces risk associated with weak or reused passwords, guessable passwords, and hackable password databases. 91% of people know they aren’t supposed to reuse passwords, but 66% do it anyway, leaving more than just themselves exposed to hackers.
Because passwords were never meant to protect anything, their security is based on adding on to an old, outdated method. All those add-ons can easily be bypassed by hackers. In order to secure information online, we have to most past the notion that passwords will protect us. Learn more about the history and future of passwords from the infographic below.