Passwords Are Now a Weakness — Here's Why It's Time to Eliminate Them.
Passwords, while they may seem essential, are an outdated form of security that needs to be reevaluated.
By Jeff Jani
Opinions expressed by Entrepreneur contributors are their own.
It's time to wake up to an uncomfortable truth: Passwords aren't going to keep us safe online anymore. A recent breach of Fast Company's content management system (CMS) should prove it. The hacker, known as Thrax, seemed more interested in posting offensive messages and highlighting the weaknesses than in stealing data, but the situation nevertheless provides a stark reminder that passwords aren't secure anymore.
So, what's the alternative?
Granted, Fast Co.'s password management didn't align with password management recommendations. Their CMS was protected by just a default password that would take modern cracking software about .00002 seconds to beat (it was pizza123. Yes, really). The fact that Fast Co. bills itself as a tech-savvy online publication doesn't excuse this oversight, but it's by no means unique. How many of us do the same — leaving easy-to-remember passwords in place across many of our accounts? Just like Fast Co., we assume there's nothing there for a hacker to want and that we're not a good target. But that doesn't matter anymore, and it's time we eliminate the password altogether. It has officially outlived its usefulness.
Today, there are much better options than the humble password. Facial biometrics is the key to a world without passwords because of how unique our faces are. There are still challenges to sort out, of course, but as algorithms improve in accuracy, we'll see a wholesale shift to face ID for identity verification.
The most dependable path to widespread facial authentication is a digital identity wallet. This form of identity management differs from the face ID that unlocks your phone in the rigorous fraud-prevention technology underpinning it. Liveness detection and other advances can stop the kinds of fraud that might otherwise fool less-sophisticated facial recognition, such as using a photo, a deepfake or a 3D prosthetic mask.
Your face, validated against an authentic government ID, allows you to unlock your device, access accounts and provide personal data to anyone. As a result, users and businesses can be more sure that their data is safe from fraud and theft. Instead of a password you know, your password becomes something you are, which is much more difficult for thieves to steal.
Passwords are frustrating — and they don't work
It's hard to imagine a digital world without passwords. They've become ubiquitous, and we take their existence for granted, which means that additional security measures are just that — an addition to the password. But a password isn't very secure, even in the rare circumstance when someone is diligent enough to follow best practices. Unfortunately, best practices happen to be incredibly difficult to manage, so businesses have added things like one-time passcodes or similar two-factor authentication (2FA). But it's not enough — even 2FA can be simple to hack.
Moving away from passwords will make for a much less frustrating user experience while strengthening security. Isn't it effortless to unlock your phone with your face? Compare that with an experience that everyone has shared — forgetting a password. You have to click a link, receive a new link, then come up with a new, complex password you've never used before. If there's one more step in the process, like receiving a verification code, it's even worse. And the unfortunate point is that if your email has been compromised, anyone can reset your password. Your password has become a weakness allowing a hacker to access your most personal data.
Passwords are also bad for companies. Businesses spend a significant amount of operational dollars on login issues. With facial biometrics, they could reallocate these dollars to other initiatives. The savings from eliminating password-reset costs and implementing digital wallet technology instead typically generate a positive ROI over time, especially when you factor in the savings from the added security.
We keep clinging to the password because we can't imagine online life without it. The funny thing is, we've already caught glimpses of what life could be. Everything can be as easy as unlocking our phone with our face, and we're not sacrificing security with facial biometrics. We are actually making our authentication processes stronger than ever. Our passwords have become a weakness in managing our identities, and it's time to let them fade away for good.